Jump to content

Проблем с отваряне на Facebook

nono
 Share

Препоръчан пост

mst Новобранец

mst

Публикувано
Публикувано

Здравейте !

Искам да споделя с вас един проблем, който съществува от известно време.Когато се опитам да вляза във Фейсбук ми излиза празен екран в повечето случаи , но понякога успява да зареди страницата.Въвеждам си имейла и паролата , но не мога да вляза. Този проблем го прави само от моя компютър,през друг комп си влизам без проблем .Изчистих кеша на браузъра с CCleaner и сканирах с Malwarebytes' Anti-Malware - не откри нищо .

 

Ето сканирането с OTL :

 

п.п. Не ми се появява Extras.txt

OTL.Txt

Link to comment
Сподели другаде
  • Отговори 180
  • Създадена
  • Последен отговор

ТОП потребители в тази тема

Популярни дни

ТОП потребители в тази тема

Популярни дни

Публикувани изображения

Night_Raven Ентусиаст

Night_Raven

Публикувано
Публикувано

Ще се самоцитирам от предната страница:

Уверете се, че браузърите са последните версии, че всичките регионални настройки са както трябва, че часовникът е сверен и че операционната система е с всички важни актуализации.

Link to comment
Сподели другаде
Night_Raven Ентусиаст

Night_Raven

Публикувано
Публикувано

Дай тогава обновен дневник от OTL...

 

Изтегли OTL и го запази на работния плот:

- стартирай инструмента;

- постави отметка в горната част на Scan All Users;

- в поле Standard Registry избери All;

- от падащо меню File Age избери 90 Days;

- постави отметки още на: Skip Microsoft Files, LOP Check и Purity Check;

- в поле Custom Scans/Fixes (в долната част на програмата) постави следния текст (маркирай го, натисни Ctrl+C и после в полето на OTL натисни Ctrl+V):

netsvcs
msconfig
safebootminimal
safebootnetwork
"%WinDir%\$NtUninstallKB*$." /30
C:\Program Files\Common Files\ComObjects\*.* /s
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Roaming\*.*
%ProgramData%\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\config\systemprofile\AppData\Local\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
%windir%	emp\*.*
%windir%\system32\*.
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
%systemroot%\system32\DBBK\*.* /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /rp /s
%systemroot%\assembly	mp\*.* /S /MD5
%systemroot%\assembly	emp\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%SystemRoot%\assembly\GAC_MSIL\*.* /S /MD5
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes /s
HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
/md5start
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
atapi.sys
iaStor.sys
serial.sys
volsnap.sys
disk.sys
redbook.sys
i8042prt.sys
afd.sys
netbt.sys
csc.sys
tcpip.sys
dfsc.sys
hlp.dat
/md5stop

- кликни бутон Run Scan;

Изчакай сканирането да приключи. След края на сканирането автоматично ще се отворят двата новосъздадени на работния плот файла: OTL.txt и Extras.txt.

 

Моля, прикачи тези два файла (поотделно или в архив) към следващия си коментар.

Link to comment
Сподели другаде
Night_Raven Ентусиаст

Night_Raven

Публикувано
Публикувано

Хм, има неща, които са притеснителни.

 

Ако имаш антивирусна програма инсталирана, я спри, както и всякакви други излишни програми. Изтегли ComboFix (ако случайно вече имаш някаква версия, я замени) и го запази на работния плот.

Стартирай го, кликни I Agree, изчакай да се разархивира и сканира докрай. Не кликай по прозореца на инструмента. Ако бъдеш попитан(а) дали да бъде инсталирана Recovery Console, кликни Yes и потвърди след това с OK и отново Yes (два пъти). Сканирането ще продължи. Ако има нужда от рестарт, компютърът ще се рестартира автоматично. След рестарта трябва да продължи сканирането. Отново не закачай прозореца, докато той не се самозатвори. След това постави съдържанието на текстовия файл C:\ComboFix.txt тук или го прикачи към коментара си.

 

Ако не можеш да установиш връзка с интернет след използване на ComboFix, рестартирай системата.

Link to comment
Сподели другаде
mst Новобранец

mst

Публикувано
Публикувано

Ето резултата от сканирането :

------------------

 

ComboFix 12-07-30.03 - LittleJimmy 07.2012 г. 14:46:42.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1251.359.1033.18.2031.1225 [GMT 2:00]

Running from: c:\users\LittleJimmy\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - Windows: deleted 24 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\program files\update.exe

c:\users\LittleJimmy\AppData\Roaming\Directory

c:\users\LittleJimmy\AppData\Roaming\LittleJimmylog.dat

c:\users\LittleJimmy\AppData\Roaming\Secure-Soft Stealer

c:\users\LittleJimmy\Desktop\MP3 to RingTone Gold.lnk

c:\users\LittleJimmy\Documents\MOODC6D.tmp

c:\windows\ddraw.dll

c:\windows\system32\roboot.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))

.

.

2012-07-31 03:07 . 2012-07-31 03:07 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3DB5E75-63AA-4BEB-8675-20988D48F9B1}\offreg.dll

2012-07-30 13:27 . 2012-07-30 13:27 -------- d-----w- c:\users\LittleJimmy\AppData\Roaming\SUPERAntiSpyware.com

2012-07-30 13:27 . 2012-07-30 13:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-07-30 13:14 . 2012-07-30 13:14 -------- d-----w- c:\program files\Common Files\Java

2012-07-30 13:13 . 2012-07-30 13:13 -------- d-----w- c:\program files\Oracle

2012-07-30 13:13 . 2012-07-05 20:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-07-30 12:46 . 2012-07-30 12:46 -------- d-----w- c:\users\LittleJimmy\DoctorWeb

2012-07-30 06:06 . 2012-07-30 06:06 -------- d-----w- c:\users\LittleJimmy\AppData\Roaming\Malwarebytes

2012-07-30 06:06 . 2012-07-30 06:06 -------- d-----w- c:\programdata\Malwarebytes

2012-07-29 14:12 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3DB5E75-63AA-4BEB-8675-20988D48F9B1}\mpengine.dll

2012-07-11 01:00 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-06 08:45 . 2012-07-06 08:45 -------- d-----w- c:\users\LittleJimmy\AppData\Local\Opera

2012-07-06 08:45 . 2012-07-06 08:45 -------- d-----w- c:\program files\Opera

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-30 12:21 . 2012-04-04 19:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-30 12:21 . 2011-08-24 00:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-22 06:47 . 2011-09-02 02:00 76888 ----a-w- c:\windows\system32\PnkBstrA.exe

2012-07-22 06:47 . 2011-09-02 02:00 139048 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2012-07-22 06:45 . 2011-09-02 02:00 282296 ----a-w- c:\windows\system32\PnkBstrB.exe

2012-07-20 07:22 . 2011-09-02 02:00 103736 ----a-w- c:\windows\system32\PnkBstrB.ex0

2012-07-10 15:44 . 2011-09-10 02:35 282296 ----a-w- c:\windows\system32\PnkBstrB.xtr

2012-07-05 20:06 . 2011-11-03 17:18 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-26 18:56 . 2012-06-26 18:56 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-06-26 18:56 . 2012-06-26 18:56 161792 ----a-w- c:\windows\system32\msls31.dll

2012-06-26 18:56 . 2012-06-26 18:56 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-06-26 18:56 . 2012-06-26 18:56 86528 ----a-w- c:\windows\system32\iesysprep.dll

2012-06-26 18:56 . 2012-06-26 18:56 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-06-26 18:56 . 2012-06-26 18:56 74752 ----a-w- c:\windows\system32\iesetup.dll

2012-06-26 18:56 . 2012-06-26 18:56 63488 ----a-w- c:\windows\system32 dc.ocx

2012-06-26 18:56 . 2012-06-26 18:56 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-06-26 18:56 . 2012-06-26 18:56 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-06-26 18:56 . 2012-06-26 18:56 367104 ----a-w- c:\windows\system32\html.iec

2012-06-26 18:56 . 2012-06-26 18:56 35840 ----a-w- c:\windows\system32\imgutil.dll

2012-06-26 18:56 . 2012-06-26 18:56 23552 ----a-w- c:\windows\system32\licmgr10.dll

2012-06-26 18:56 . 2012-06-26 18:56 152064 ----a-w- c:\windows\system32\wextract.exe

2012-06-26 18:56 . 2012-06-26 18:56 150528 ----a-w- c:\windows\system32\iexpress.exe

2012-06-26 18:56 . 2012-06-26 18:56 11776 ----a-w- c:\windows\system32\mshta.exe

2012-06-26 18:56 . 2012-06-26 18:56 101888 ----a-w- c:\windows\system32\admparse.dll

2012-06-02 22:19 . 2012-06-25 13:01 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-25 13:01 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-25 13:01 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-25 13:01 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-25 13:01 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-25 13:01 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-25 13:01 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-25 13:00 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:12 . 2012-06-25 13:00 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 10:25 . 2011-08-24 00:42 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-04 09:59 . 2012-06-26 18:53 514560 ----a-w- c:\windows\system32\qdvd.dll

2010-09-21 08:04 . 2010-09-21 08:04 7054080 ----a-w- c:\program files s3client_win32.exe

2010-05-18 12:46 . 2010-05-18 12:46 397312 ----a-w- c:\program files\fmodex.dll

2010-05-17 08:29 . 2010-05-17 08:29 7692800 ----a-w- c:\program files\QtGui4.dll

2010-03-25 09:57 . 2010-03-25 09:57 2066944 ----a-w- c:\program files\QtCore4.dll

2010-03-22 09:59 . 2010-03-22 09:59 666624 ----a-w- c:\program files\QtNetwork4.dll

2012-07-18 10:23 . 2011-08-24 00:13 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-24 880496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-07 10082920]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk

backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^LittleJimmy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerStrip.lnk]

path=c:\users\LittleJimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk

backup=c:\windows\pss\PowerStrip.lnk.Startup

backupExtension=.Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPeerNexonEU]

2011-09-08 04:23 438272 ----a-w- c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]

2008-12-13 04:44 306088 ----a-w- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe

.

R0 acnzjhyt;acnzjhyt;c:\windows\c:\windows\system32\drivers\acnzjhyt.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 dump_wmimmc;dump_wmimmc;c:\windows\system32\drivers\dump_wmimmc.sys [x]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe [x]

S0 SASKUTIL;SASKUTIL; [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

S1 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]

S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPService REG_MULTI_SZ HPSLPSVC

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 12:21]

.

2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-132208950-3660432363-3532671861-1000Core.job

- c:\users\LittleJimmy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17 19:21]

.

2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-132208950-3660432363-3532671861-1000UA.job

- c:\users\LittleJimmy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17 19:21]

.

2012-07-30 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bg/

TCP: DhcpNameServer = 10.55.0.1 0.0.0.0

FF - ProfilePath - c:\users\LittleJimmy\AppData\Roaming\Mozilla\Firefox\Profiles\sg1u4j1a.default-1340783415446\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL

Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL

MSConfigStartUp-CloneCDTray - c:\program files\SlySoft\CloneCD\CloneCDTray.exe

MSConfigStartUp-MediaGet2 - c:\users\LittleJimmy\AppData\Local\MediaGet2\mediaget.exe

AddRemove-TeamSpeak 3 Client - c:\program files\uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-132208950-3660432363-3532671861-1000\Software\SecuROM\License information*]

"datasecu"=hex:c6,1e,1a,57,b9,fc,03,7e,5f,4d,8d,e0,04,8d,71,74,7d,db,a8,71,32,

1b,69,75,ca,20,3f,a5,41,02,56,c5,42,53,6f,9e,d8,65,f0,f0,dc,b6,67,76,af,5c,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-31 14:57:30

ComboFix-quarantined-files.txt 2012-07-31 12:57

.

Pre-Run: 63 327 059 968 bytes free

Post-Run: 71 841 472 512 bytes free

.

- - End Of File - - F8C9B8B6AAF92D75997CD8AC5421B74E

Link to comment
Сподели другаде
Night_Raven Ентусиаст

Night_Raven

Публикувано
Публикувано

Изтегли Farbar Service Scanner и го запази на работния плот.

Стартирай инструмента, постави отметки на всички услуги и кликни бутон Scan. Изчакай да приключи сканирането и накрая ще се отвори дневник в Notepad. Копирай съдържанието му в следващия си коментар.

Link to comment
Сподели другаде
mst Новобранец

mst

Публикувано
Публикувано

Сканиране с FSS :

------------------------

 

Farbar Service Scanner Version: 26-07-2012

Ran by LittleJimmy (administrator) on 01-08-2012 at 06:55:46

Running from "C:\Users\LittleJimmy\Desktop"

Microsoft Windows 7 Home Premium Service Pack 1 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Action Center:

============

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy:

============================

 

 

Windows Defender:

==============

 

Other Services:

==============

 

sharedaccess Service is not running. Checking service configuration:

The start type of sharedaccess service is set to Auto

The ImagePath of sharedaccess service is OK.

The ServiceDll of sharedaccess service is OK.

 

 

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcore.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers dx.sys => MD5 is legit

C:\Windows\system32\Drivers cpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\ipnathlp.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

Link to comment
Сподели другаде
Night_Raven Ентусиаст

Night_Raven

Публикувано
Публикувано

Дневникът изглежда чист. Да опитаме отново с OTL с леко обновени допълнителни команди, но не изглежда като че ли да има упорит зловреден код.

 

Изтегли OTL и го запази на работния плот:

- стартирай инструмента;

- постави отметка в горната част на Scan All Users;

- в поле Standard Registry избери All;

- от падащо меню File Age избери 90 Days;

- постави отметки още на: Skip Microsoft Files, LOP Check и Purity Check;

- в поле Custom Scans/Fixes (в долната част на програмата) постави следния текст (маркирай го, натисни Ctrl+C и после в полето на OTL натисни Ctrl+V):

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Roaming\*.*
%ProgramData%\*.*
%CommonProgramFiles%\*.*
%CommonProgramFiles%\ComObjects*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\config\systemprofile\AppData\Local\*.*
%systemroot%\system32\config\systemprofile\AppData\Roaming\*.*
%windir%\SysWOW64\config\systemprofile\AppData\Local\*.*
%windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
%windir%\temp\*.*
%windir%\minidump\*.*
%windir%\*.
%windir%\installer\*.
%windir%\system32\*.
%windir%\sysnative\*.
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\syswow64\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\syswow64\drivers\*.sys /90
%systemroot%\syswow64\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /rp /s
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_64\*.* /S /MD5
%SystemRoot%\assembly\GAC_MSIL\*.* /S /MD5
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
HKEY_CURRENT_USER\Software\MSOLoad /s
c:\system volume information|_REGISTRY_MACHINE_SYSTEM;true;true;true /FP
c:\system volume information|_REGISTRY_MACHINE_SOFTWARE;true;true;true /FP
bcdedit /enum all /v >C:\boot.txt /c
echo list vol > C:\commands.txt | diskpart /s C:\commands.txt > C:\DiskReport.txt /c
restorepoints
/md5start
consrv.dll
services.exe
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
atapi.sys
iaStor.sys
serial.sys
volsnap.sys
disk.sys
redbook.sys
i8042prt.sys
afd.sys
netbt.sys
csc.sys
tcpip.sys
dfsc.sys
hlp.dat
str.sys
crexv.ocx
/md5stop

- кликни бутон Run Scan;

Изчакай сканирането да приключи. След края на сканирането автоматично ще се отворят двата новосъздадени на работния плот файла: OTL.txt и Extras.txt.

 

Моля, прикачи тези два файла (поотделно или в архив) към следващия си коментар.

Link to comment
Сподели другаде
mst Новобранец

mst

Публикувано
Публикувано

OTL logfile created on: 1.8.2012 г. 13:29:34 - Run 3

OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\LittleJimmy\Desktop

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: d.M.yyyy 'г.'

 

1,98 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 42,20% Memory free

3,97 Gb Paging File | 2,25 Gb Available in Paging File | 56,74% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 189,79 Gb Total Space | 76,32 Gb Free Space | 40,21% Space Free | Partition Type: NTFS

Drive D: | 406,38 Gb Total Space | 98,43 Gb Free Space | 24,22% Space Free | Partition Type: NTFS

Drive F: | 671,04 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: JIMMY | User Name: LittleJimmy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012.08.01 13:27:06 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\LittleJimmy\Desktop\OTL.exe

PRC - [2012.07.30 14:21:20 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

PRC - [2012.07.18 12:23:09 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012.05.24 09:29:18 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe

PRC - [2012.03.30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe

PRC - [2011.12.06 05:12:16 | 000,404,992 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2011.12.06 05:11:44 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2011.11.24 05:29:22 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011.10.14 23:49:38 | 000,745,832 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files\Tunngle\TnglCtrl.exe

PRC - [2011.09.22 22:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2011.09.22 22:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

PRC - [2011.08.02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe

PRC - [2011.07.28 19:52:06 | 000,018,472 | ---- | M] (WeGame.com, Inc.) -- C:\Program Files\WeGame\wgclientservice.exe

PRC - [2011.06.02 06:16:12 | 000,539,416 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

PRC - [2011.05.20 20:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32 askhost.exe

PRC - [2010.10.06 07:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010.10.06 07:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2008.03.20 02:52:44 | 000,166,520 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

PRC - [2008.03.20 02:52:38 | 000,051,816 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

PRC - [2000.12.30 22:39:58 | 000,151,552 | ---- | M] () -- C:\Windows\Datecs\Flex2K.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012.07.30 14:21:20 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_268.dll

MOD - [2012.07.18 12:23:08 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2012.06.13 03:25:36 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll

MOD - [2012.06.13 03:25:27 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll

MOD - [2012.06.13 03:25:15 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012.06.13 03:25:09 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012.06.13 03:25:04 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll

MOD - [2012.06.13 02:30:40 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll

MOD - [2012.05.12 07:23:18 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll

MOD - [2012.05.12 06:55:00 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll

MOD - [2012.05.12 06:54:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012.05.12 06:54:07 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll

MOD - [2012.05.12 06:54:07 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll

MOD - [2012.05.12 06:53:57 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012.05.12 06:53:53 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012.05.12 06:53:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012.05.12 06:53:41 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012.05.12 06:53:34 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2011.12.06 08:10:38 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

MOD - [2011.11.24 05:29:08 | 000,349,504 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

MOD - [2011.05.29 07:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2000.12.30 22:39:58 | 000,151,552 | ---- | M] () -- C:\Windows\Datecs\Flex2K.exe

MOD - [2000.12.13 10:55:40 | 000,028,672 | ---- | M] () -- C:\Windows\System32\newdll.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- C:\Users\LittleJimmy\AppData\Local\Temp\7zS0D48\hpslpsvc32.dll -- (HPSLPSVC)

SRV - [2012.07.30 14:21:21 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.07.18 12:23:08 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.03.30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)

SRV - [2012.01.19 05:31:59 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011.12.07 13:00:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2011.12.06 05:11:44 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2011.11.24 05:29:22 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011.10.14 23:49:38 | 000,745,832 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)

SRV - [2011.09.22 22:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)

SRV - [2011.07.28 19:52:06 | 000,018,472 | ---- | M] (WeGame.com, Inc.) [Auto | Running] -- C:\Program Files\WeGame\wgclientservice.exe -- (WeGameClientService)

SRV - [2011.05.20 20:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010.10.06 07:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010.10.06 07:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.12.12 13:20:08 | 000,095,896 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)

SRV - [2008.03.20 02:52:44 | 000,166,520 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)

SRV - [2008.03.20 02:52:38 | 000,051,816 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dump_wmimmc.sys -- (dump_wmimmc)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\LITTLE~1\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (anxmnucd)

DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\acnzjhyt.sys -- (acnzjhyt)

DRV - [2011.12.06 05:44:22 | 009,067,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)

DRV - [2011.12.06 04:11:50 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV - [2011.11.24 06:54:00 | 011,147,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2011.10.17 19:40:44 | 000,085,520 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)

DRV - [2011.09.24 01:50:46 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV - [2011.09.24 01:49:27 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2011.09.22 20:44:44 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2011.09.21 20:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)

DRV - [2011.08.10 00:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)

DRV - [2011.08.04 19:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)

DRV - [2011.08.04 19:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)

DRV - [2011.08.04 00:20:38 | 000,016,128 | ---- | M] (RSJ Software GmbH) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\vproiah.sys -- (vproiah)

DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010.10.19 23:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)

DRV - [2009.09.16 17:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers ap0901t.sys -- (tap0901t)

DRV - [2009.08.08 08:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x86\sandra.sys -- (SANDRA)

DRV - [2009.05.24 09:51:00 | 000,014,848 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\unisofthid.sys -- (unisofthid)

DRV - [2007.07.15 03:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | System | Running] -- C:\Windows\System32\drivers\pstrip.sys -- (PStrip)

DRV - [2007.06.25 07:56:54 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)

DRV - [2007.06.25 07:56:40 | 000,027,656 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)

DRV - [2007.06.25 07:56:34 | 000,034,312 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)

DRV - [2007.03.06 06:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)

DRV - [2007.03.06 06:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BtHidMgr.sys -- (BTHidMgr)

DRV - [2007.03.06 06:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\VBTEnum.sys -- (BTHidEnum)

DRV - [2007.03.06 06:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)

DRV - [2007.03.06 06:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)

DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)

DRV - [2005.01.03 08:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 E0 8C AF 0E A6 CC 01 [binary data]

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100489&mntrId=e0af1b0f00000000000000ff71aad347

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\..\SearchScopes\{353944CD-FBDB-4A6B-813F-AA90F0065496}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Fiesta Bar Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT670374&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.startup.homepage: "zamunda.net"

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT670374&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()

FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found

FF - HKLM\Software\MozillaPlugins\@iahgames.com/prodown: C:\Program Files\IAHgames\Playfast\npiahpd.dll (RSJ Software GmbH)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@rsj.de/prodown: File not found

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\LittleJimmy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\LittleJimmy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.25 18:23:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 12:23:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.13 23:19:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.11.12 06:59:34 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.25 18:23:43 | 000,000,000 | ---D | M]

 

[2011.08.24 02:13:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LittleJimmy\AppData\Roaming\Mozilla\Extensions

[2012.06.03 21:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LittleJimmy\AppData\Roaming\Mozilla\Firefox\Profiles\938udgwm.default\extensions

[2012.05.31 16:58:00 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\LittleJimmy\AppData\Roaming\Mozilla\Firefox\Profiles\938udgwm.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}

[2012.05.31 07:00:16 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\LittleJimmy\AppData\Roaming\Mozilla\Firefox\Profiles\938udgwm.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2012.05.20 19:15:16 | 000,000,000 | ---D | M] (Fiesta Bar Community Toolbar) -- C:\Users\LittleJimmy\AppData\Roaming\Mozilla\Firefox\Profiles\938udgwm.default\extensions\{e26f8e74-7ae2-45df-9069-93d88f40c9fd}

[2012.06.03 21:24:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\LittleJimmy\AppData\Roaming\Mozilla\Firefox\Profiles\938udgwm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2012.01.03 08:55:18 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\LittleJimmy\AppData\Roaming\Mozilla\Firefox\Profiles\938udgwm.default\extensions\battlefieldplay4free@ea.com

[2011.12.15 21:00:44 | 000,000,000 | ---D | M] (U2bview Firefox Add-on) -- C:\Users\LittleJimmy\AppData\Roaming\Mozilla\Firefox\Profiles\938udgwm.default\extensions\noreply@u2bviews.com

[2012.06.28 19:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LittleJimmy\AppData\Roaming\Mozilla\Firefox\Profiles\sg1u4j1a.default-1340783415446\extensions

[2012.01.04 11:33:40 | 000,000,921 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Roaming\Mozilla\Firefox\Profiles\938udgwm.default\searchplugins\conduit.xml

[2012.01.22 04:13:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012.07.18 12:23:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011.12.15 21:31:38 | 000,061,854 | ---- | M] () (No name found) -- C:\USERS\LITTLEJIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\938UDGWM.DEFAULT\EXTENSIONS\YTVDW@PGPORT.COM.XPI

[2012.07.18 12:23:09 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2007.04.30 16:29:22 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll

[2011.11.03 19:18:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011.09.30 08:01:11 | 000,001,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\911bg.xml

[2011.09.30 08:01:11 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2011.11.30 06:21:29 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

[2011.09.30 08:01:11 | 000,002,442 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\diribg.xml

[2012.07.18 12:23:07 | 000,003,368 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2011.09.30 08:01:11 | 000,001,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pe-bg.xml

[2011.09.30 08:01:11 | 000,001,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\portalbgdict.xml

[2011.09.30 08:01:11 | 000,001,220 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-bg.xml

 

========== Chrome ==========

 

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\LittleJimmy\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\LittleJimmy\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\LittleJimmy\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll

CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: IAHGames (Enabled) = C:\Program Files\IAHgames\Playfast\npiahpd.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll

CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll

CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll

CHR - plugin: Google Update (Enabled) = C:\Users\LittleJimmy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: YouTube = C:\Users\LittleJimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: Google \u0422\u044A\u0440\u0441\u0435\u043D\u0435 = C:\Users\LittleJimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: Gmail = C:\Users\LittleJimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

 

O1 HOSTS File: ([2012.07.31 14:55:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O4 - HKLM..\Run: [bingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)

O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-132208950-3660432363-3532671861-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-132208950-3660432363-3532671861-1000..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKU\S-1-5-21-132208950-3660432363-3532671861-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.55.0.1 0.0.0.0

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FB06BCE-1163-4997-9F4A-10CF01275F42}: DhcpNameServer = 10.55.0.1 0.0.0.0

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13FF18AE-AA40-4CEE-9B9B-F9EFEA323690}: DhcpNameServer = 10.55.0.1 0.0.0.0

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52CBBCCC-7105-4DE0-BD5A-7D608ACDF4C3}: DhcpNameServer = 10.55.0.1 0.0.0.0

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71AAD347-C826-4CCB-A14C-CA7ACE63632F}: DhcpNameServer = 7.254.254.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE0276BE-4C50-4B12-A561-F5A575B5B462}: DhcpNameServer = 10.55.0.1 0.0.0.0

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler v {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32 spkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005.11.04 08:24:50 | 000,000,000 | ---D | M] - F:\AutoRun -- [ CDFS ]

O32 - AutoRun File - [2005.11.04 07:52:23 | 000,729,088 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2005.10.14 10:02:16 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ CDFS ]

O32 - AutoRun File - [2005.11.04 08:22:30 | 000,000,160 | R--- | M] () - F:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk - C:\Program Files\GamersFirst\LIVE!\Live.exe - (GamersFirst)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found

MsConfig - StartUpFolder: C:^Users^LittleJimmy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerStrip.lnk - C:\Program Files\PowerStrip\PStrip.exe - (EnTech Taiwan)

MsConfig - StartUpReg: KPeerNexonEU - hkey= - key= - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)

MsConfig - StartUpReg: RGSC - hkey= - key= - C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)

MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

MsConfig - State: "startup" - 2

 

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32 hemeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.aacacm - C:\Windows\System32\AACACM.acm (fccHandler)

Drivers32: msacm.ac3acm - ac3acm.acm File not found

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()

Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()

Drivers32: msacm.bdmpeg - C:\Windows\System32\bdmpega.acm ()

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3pacm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - lameACM.acm File not found

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FFDS - ff_vfw.dll File not found

Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)

Drivers32: VIDC.LAGS - lagarith.dll File not found

Drivers32: vidc.mjpg - C:\Windows\System32\bdmjpeg.dll ()

Drivers32: vidc.mpeg - C:\Windows\System32\bdmpegv.dll ()

Drivers32: VIDC.RTV1 - C:\Windows\System32\rtvcvfw32.dll ()

Drivers32: vidc.tscc - C:\Windows\System32 sccvid.dll (TechSmith Corporation)

Drivers32: VIDC.X264 - x264vfw.dll File not found

 

========== Files/Folders - Created Within 90 Days ==========

 

[2012.08.01 13:27:03 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\LittleJimmy\Desktop\OTL.exe

[2012.08.01 13:26:39 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\LittleJimmy\Desktop\OTL.exe.part

[2012.08.01 06:54:43 | 000,694,833 | ---- | C] (Farbar) -- C:\Users\LittleJimmy\Desktop\FSS.exe

[2012.07.31 14:57:33 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Local emp

[2012.07.31 14:55:36 | 000,000,000 | ---D | C] -- C:\Windows emp

[2012.07.31 14:45:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012.07.31 14:45:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012.07.31 14:45:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012.07.31 14:44:56 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.07.31 14:44:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012.07.31 14:43:32 | 004,721,982 | R--- | C] (Swearware) -- C:\Users\LittleJimmy\Desktop\ComboFix.exe

[2012.07.31 13:32:48 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\Documents\otl

[2012.07.30 15:53:10 | 000,108,032 | ---- | C] (Pz Crack Team) -- C:\Users\LittleJimmy\Documents\Flex Type Key Generator.EXE

[2012.07.30 15:48:39 | 000,108,032 | ---- | C] (Pz Crack Team) -- C:\Users\LittleJimmy\Documents\FlexType2kKeygen.EXE

[2012.07.30 15:27:35 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Roaming\SUPERAntiSpyware.com

[2012.07.30 15:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012.07.30 15:27:04 | 018,848,984 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\LittleJimmy\Documents\SUPERAntiSpyware.exe

[2012.07.30 15:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012.07.30 15:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle

[2012.07.30 15:13:19 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll

[2012.07.30 15:13:19 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2012.07.30 15:11:10 | 000,893,936 | ---- | C] (Oracle Corporation) -- C:\Users\LittleJimmy\Documents\jxpiinstall.exe

[2012.07.30 14:46:19 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\DoctorWeb

[2012.07.30 08:06:42 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Roaming\Malwarebytes

[2012.07.30 08:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.07.20 21:50:04 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\Documents\NFS Most Wanted

[2012.07.19 21:43:14 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\Desktop\comersialno

[2012.07.19 14:05:58 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\Documents\NFS ProStreet

[2012.07.06 10:45:49 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Roaming\Opera

[2012.07.06 10:45:49 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Local\Opera

[2012.07.06 10:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Opera

[2012.07.02 10:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX - Eidos Interactive

[2012.06.26 20:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2012.06.26 20:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop

[2012.06.26 20:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2012.06.26 07:29:16 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Local\HP

[2012.06.25 18:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG

[2012.06.25 18:26:54 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Roaming\HP

[2012.06.25 18:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant

[2012.06.25 18:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

[2012.06.25 18:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard

[2012.06.25 18:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP

[2012.06.25 18:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\HP

[2012.06.25 18:17:08 | 000,675,840 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpowiav1.dll

[2012.06.25 18:17:08 | 000,452,408 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll

[2012.06.25 18:17:08 | 000,303,104 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpovst01.dll

[2012.06.25 18:17:07 | 000,573,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpotscl1.dll

[2012.06.25 17:21:09 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Roaming\HP DESKJET F380 Driver Utility

[2012.06.25 17:20:31 | 002,025,987 | ---- | C] (Lavians Inc. ) -- C:\Users\LittleJimmy\Desktop\hp-deskjet-f380-driver-utility.exe

[2012.06.24 18:43:23 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Local\Macromedia

[2012.06.20 20:42:05 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Local\pLan

[2012.06.19 20:53:10 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Local\NFS Underground 2

[2012.06.17 21:21:40 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012.06.15 11:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core

[2012.06.15 11:15:46 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\Documents\FIFA 09

[2012.06.13 23:36:49 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\Documents\FIFA 08

[2012.05.22 20:42:51 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\Documents\FIFA 2005

[2012.05.22 19:54:26 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Roaming\Rovio

[2012.05.20 16:19:04 | 015,577,088 | ---- | C] (Disney Interactive Studios) -- C:\Users\LittleJimmy\Desktop\Game-TS3.exe

[2012.05.19 13:00:49 | 001,703,936 | ---- | C] (NCT Company) -- C:\Windows\System32\NCTAudioFile.dll

[2012.05.19 13:00:49 | 000,892,928 | ---- | C] (NCT Company) -- C:\Windows\System32\NCTAudioInformation.dll

[2012.05.19 13:00:49 | 000,503,808 | ---- | C] (NCT Company) -- C:\Windows\System32\NCTAudioEditor.dll

[2012.05.19 13:00:49 | 000,339,968 | ---- | C] (NCT Company) -- C:\Windows\System32\NCTAudioTransform.dll

[2012.05.19 13:00:49 | 000,327,680 | ---- | C] (NCT Company) -- C:\Windows\System32\NCTAudioGrabber.dll

[2012.05.19 13:00:49 | 000,290,816 | ---- | C] (NCT Company) -- C:\Windows\System32\NCTWMAFile.dll

[2012.05.19 13:00:49 | 000,282,624 | ---- | C] (NCT Company) -- C:\Windows\System32\NCTAudioVisualization.dll

[2012.05.19 13:00:49 | 000,274,432 | ---- | C] (NCT Company) -- C:\Windows\System32\NCTAudioRecord.dll

[2012.05.19 13:00:49 | 000,274,432 | ---- | C] (NCT Company) -- C:\Windows\System32\NCTAudioPlayer.dll

[2012.05.19 13:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 To Ringtone Gold

[2012.05.19 13:00:49 | 000,000,000 | ---D | C] -- C:\AnMingringtone

[2012.05.19 13:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\AnMing

[2010.09.21 10:04:10 | 007,054,080 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Program Files s3client_win32.exe

[2010.05.18 14:46:32 | 000,397,312 | ---- | C] (Firelight Technologies) -- C:\Program Files\fmodex.dll

 

========== Files - Modified Within 90 Days ==========

 

[2012.08.01 13:31:00 | 000,001,032 | ---- | M] () -- C:\Windows asks\GoogleUpdateTaskUserS-1-5-21-132208950-3660432363-3532671861-1000UA.job

[2012.08.01 13:27:06 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\LittleJimmy\Desktop\OTL.exe

[2012.08.01 13:26:47 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\LittleJimmy\Desktop\OTL.exe.part

[2012.08.01 13:08:00 | 000,000,830 | ---- | M] () -- C:\Windows asks\Adobe Flash Player Updater.job

[2012.08.01 07:14:19 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.08.01 07:14:19 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.08.01 07:11:38 | 000,661,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.08.01 07:11:38 | 000,125,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.08.01 07:06:51 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2012.08.01 07:06:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.08.01 07:06:45 | 1597,378,560 | -HS- | M] () -- C:\hiberfil.sys

[2012.08.01 07:05:39 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat

[2012.08.01 06:54:48 | 000,694,833 | ---- | M] (Farbar) -- C:\Users\LittleJimmy\Desktop\FSS.exe

[2012.08.01 05:31:00 | 000,000,980 | ---- | M] () -- C:\Windows asks\GoogleUpdateTaskUserS-1-5-21-132208950-3660432363-3532671861-1000Core.job

[2012.07.31 18:00:00 | 000,000,456 | ---- | M] () -- C:\Windows asks\ParetoLogic Registration3.job

[2012.07.31 14:55:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012.07.31 14:43:48 | 004,721,982 | R--- | M] (Swearware) -- C:\Users\LittleJimmy\Desktop\ComboFix.exe

[2012.07.31 13:33:24 | 000,051,060 | ---- | M] () -- C:\Users\LittleJimmy\Documents\otl.rar

[2012.07.30 23:15:23 | 004,312,546 | ---- | M] () -- C:\Users\LittleJimmy\Desktop\Nicole Scherzinger - Baby Love ft. will.i.am.mp3

[2012.07.30 23:11:40 | 010,345,579 | ---- | M] () -- C:\Users\LittleJimmy\Desktop\50 Cent ft Nicole Scherzinger - Right there (heminei.com) (36614).mp3

[2012.07.30 23:09:48 | 010,458,962 | ---- | M] () -- C:\Users\LittleJimmy\Desktop\Nicole Scherzinger - Dont Hold Your Breath (Kaskade Club Mix) (heminei.com) (44011).mp3

[2012.07.30 22:51:38 | 003,245,080 | ---- | M] () -- C:\Users\LittleJimmy\Desktop\Ciara and Missy Eliott - 1, 2 Step (heminei.com) (29138).mp3

[2012.07.30 22:47:23 | 005,759,178 | ---- | M] () -- C:\Users\LittleJimmy\Desktop\Ciara - Like a boy (heminei.com) (22315).mp3

[2012.07.30 22:44:49 | 008,862,775 | ---- | M] () -- C:\Users\LittleJimmy\Desktop\Keri Hilson - I Like (heminei.com) (13695).mp3

[2012.07.30 22:42:39 | 008,901,637 | ---- | M] () -- C:\Users\LittleJimmy\Desktop\Keri Hilson ft. Nelly - Lose Control (heminei.com) (25669).mp3

[2012.07.30 22:37:20 | 006,111,862 | ---- | M] () -- C:\Users\LittleJimmy\Desktop\Chris Brown - With You (heminei.com) (29225).mp3

[2012.07.30 15:53:11 | 000,108,032 | ---- | M] (Pz Crack Team) -- C:\Users\LittleJimmy\Documents\Flex Type Key Generator.EXE

[2012.07.30 15:48:39 | 000,108,032 | ---- | M] (Pz Crack Team) -- C:\Users\LittleJimmy\Documents\FlexType2kKeygen.EXE

[2012.07.30 15:27:21 | 018,848,984 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\LittleJimmy\Documents\SUPERAntiSpyware.exe

[2012.07.30 15:12:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2012.07.30 15:12:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2012.07.30 15:11:22 | 000,893,936 | ---- | M] (Oracle Corporation) -- C:\Users\LittleJimmy\Documents\jxpiinstall.exe

[2012.07.30 15:04:59 | 000,071,766 | ---- | M] () -- C:\Users\LittleJimmy\Documents\cc_20120730_150452.reg

[2012.07.30 14:21:20 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012.07.30 14:21:20 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012.07.22 08:47:39 | 000,139,048 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2012.07.20 21:45:23 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk

[2012.07.20 09:22:29 | 000,103,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0

[2012.07.11 03:20:47 | 000,277,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.07.10 17:44:08 | 000,282,296 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr

[2012.07.06 10:45:44 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk

[2012.07.05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2012.07.05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll

[2012.07.05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll

[2012.07.02 10:31:11 | 000,001,264 | ---- | M] () -- C:\Users\Public\Desktop\Lara Croft and the Guardian of Light.lnk

[2012.06.27 09:48:13 | 000,010,350 | ---- | M] () -- C:\Users\LittleJimmy\Documents\cc_20120627_094809.reg

[2012.06.26 20:59:21 | 000,001,407 | ---- | M] () -- C:\Users\LittleJimmy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012.06.26 20:56:00 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2012.06.26 20:49:12 | 000,061,670 | ---- | M] () -- C:\Users\LittleJimmy\Documents\cc_20120626_204906.reg

[2012.06.25 18:26:45 | 000,221,280 | ---- | M] () -- C:\Windows\hpoins19.dat

[2012.06.25 18:23:31 | 000,002,125 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk

[2012.06.25 18:22:44 | 000,001,273 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk

[2012.06.25 18:22:37 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk

[2012.06.25 18:22:19 | 000,002,069 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2012.06.25 17:52:06 | 380,301,136 | ---- | M] () -- C:\Users\LittleJimmy\Desktop\AIO_CDB_NonNet_Full_Win_WW_130_141.exe

[2012.06.25 17:20:44 | 002,025,987 | ---- | M] (Lavians Inc. ) -- C:\Users\LittleJimmy\Desktop\hp-deskjet-f380-driver-utility.exe

[2012.06.19 20:51:23 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed Underground 2.lnk

[2012.06.15 11:14:09 | 000,001,557 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 09.lnk

[2012.06.03 13:10:41 | 000,010,240 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.05.30 16:44:12 | 000,000,111 | ---- | M] () -- C:\Users\LittleJimmy\Desktop oy2.err

[2012.05.15 14:44:30 | 000,052,085 | ---- | M] () -- C:\Users\LittleJimmy\Desktop\how.i.met.your.mother.s07e23e24(subsunacs.net).rar

[2012.05.09 20:33:57 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk

 

========== Files Created - No Company Name ==========

 

[2012.07.31 14:45:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012.07.31 14:45:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012.07.31 14:45:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012.07.31 14:45:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012.07.31 14:45:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012.07.31 13:33:24 | 000,051,060 | ---- | C] () -- C:\Users\LittleJimmy\Documents\otl.rar

[2012.07.30 23:14:58 | 004,312,546 | ---- | C] () -- C:\Users\LittleJimmy\Desktop\Nicole Scherzinger - Baby Love ft. will.i.am.mp3

[2012.07.30 23:11:31 | 010,345,579 | ---- | C] () -- C:\Users\LittleJimmy\Desktop\50 Cent ft Nicole Scherzinger - Right there (heminei.com) (36614).mp3

[2012.07.30 23:09:40 | 010,458,962 | ---- | C] () -- C:\Users\LittleJimmy\Desktop\Nicole Scherzinger - Dont Hold Your Breath (Kaskade Club Mix) (heminei.com) (44011).mp3

[2012.07.30 22:51:37 | 003,245,080 | ---- | C] () -- C:\Users\LittleJimmy\Desktop\Ciara and Missy Eliott - 1, 2 Step (heminei.com) (29138).mp3

[2012.07.30 22:47:16 | 005,759,178 | ---- | C] () -- C:\Users\LittleJimmy\Desktop\Ciara - Like a boy (heminei.com) (22315).mp3

[2012.07.30 22:44:37 | 008,862,775 | ---- | C] () -- C:\Users\LittleJimmy\Desktop\Keri Hilson - I Like (heminei.com) (13695).mp3

[2012.07.30 22:42:21 | 008,901,637 | ---- | C] () -- C:\Users\LittleJimmy\Desktop\Keri Hilson ft. Nelly - Lose Control (heminei.com) (25669).mp3

[2012.07.30 22:37:06 | 006,111,862 | ---- | C] () -- C:\Users\LittleJimmy\Desktop\Chris Brown - With You (heminei.com) (29225).mp3

[2012.07.30 15:04:54 | 000,071,766 | ---- | C] () -- C:\Users\LittleJimmy\Documents\cc_20120730_150452.reg

[2012.07.30 13:59:55 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl

[2012.07.20 21:45:23 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk

[2012.07.06 10:45:45 | 000,001,787 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

[2012.07.06 10:45:44 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk

[2012.07.02 10:31:11 | 000,001,264 | ---- | C] () -- C:\Users\Public\Desktop\Lara Croft and the Guardian of Light.lnk

[2012.06.27 10:36:11 | 000,441,253 | R--- | C] () -- C:\Users\LittleJimmy\Documents\hosts

[2012.06.27 09:48:12 | 000,010,350 | ---- | C] () -- C:\Users\LittleJimmy\Documents\cc_20120627_094809.reg

[2012.06.26 20:56:00 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2012.06.26 20:49:09 | 000,061,670 | ---- | C] () -- C:\Users\LittleJimmy\Documents\cc_20120626_204906.reg

[2012.06.25 18:23:31 | 000,002,125 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk

[2012.06.25 18:22:55 | 000,001,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk

[2012.06.25 18:22:44 | 000,001,273 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk

[2012.06.25 18:22:37 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk

[2012.06.25 18:22:19 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2012.06.25 18:17:31 | 000,221,280 | ---- | C] () -- C:\Windows\hpoins19.dat

[2012.06.25 18:17:31 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat

[2012.06.25 17:27:17 | 380,301,136 | ---- | C] () -- C:\Users\LittleJimmy\Desktop\AIO_CDB_NonNet_Full_Win_WW_130_141.exe

[2012.06.19 20:51:23 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed Underground 2.lnk

[2012.06.17 21:21:15 | 000,001,032 | ---- | C] () -- C:\Windows asks\GoogleUpdateTaskUserS-1-5-21-132208950-3660432363-3532671861-1000UA.job

[2012.06.17 21:21:15 | 000,000,980 | ---- | C] () -- C:\Windows asks\GoogleUpdateTaskUserS-1-5-21-132208950-3660432363-3532671861-1000Core.job

[2012.06.15 11:14:09 | 000,001,557 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 09.lnk

[2012.05.19 13:00:49 | 000,336,896 | ---- | C] () -- C:\Windows\System32\ammppg.dll

[2012.05.19 13:00:49 | 000,303,104 | ---- | C] () -- C:\Windows\System32\qscl.dll

[2012.05.19 13:00:49 | 000,233,472 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

[2012.05.19 13:00:49 | 000,212,992 | ---- | C] () -- C:\Windows\System32\amrdec.dll

[2012.05.19 13:00:49 | 000,144,896 | ---- | C] () -- C:\Windows\System32\lame_dshow.ax

[2012.05.19 13:00:49 | 000,081,920 | ---- | C] () -- C:\Windows\System32\qcpsdk.dll

[2012.05.19 13:00:49 | 000,073,728 | ---- | C] () -- C:\Windows\System32\a1.dll

[2012.05.15 14:44:30 | 000,052,085 | ---- | C] () -- C:\Users\LittleJimmy\Desktop\how.i.met.your.mother.s07e23e24(subsunacs.net).rar

[2012.05.09 20:33:57 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk

[2012.05.09 20:33:57 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12.lnk

[2012.02.08 21:08:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012.02.02 03:13:48 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2012.02.02 03:10:48 | 000,000,014 | ---- | C] () -- C:\Windows\GSetup.ini

[2012.02.02 02:53:15 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe

[2012.02.02 02:15:44 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll

[2012.01.24 03:24:31 | 000,000,265 | ---- | C] () -- C:\Windows\madagascar.ini

[2012.01.07 23:18:16 | 011,296,768 | ---- | C] () -- C:\Users\LittleJimmy\AppData\Roaming\Sandra.mdb

[2012.01.02 07:34:48 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2011.12.26 06:15:58 | 000,000,277 | ---- | C] () -- C:\Windows\game.ini

[2011.12.17 20:00:57 | 000,003,423 | ---- | C] () -- C:\Users\LittleJimmy\AppData\Roaming\PStrip.bk!

[2011.12.17 19:53:13 | 000,009,132 | ---- | C] () -- C:\Users\LittleJimmy\AppData\Roaming\PStrip.bko

[2011.12.16 21:12:01 | 000,009,132 | ---- | C] () -- C:\Users\LittleJimmy\AppData\Roaming\PStrip.bak

[2011.12.16 21:06:09 | 000,009,132 | ---- | C] () -- C:\Users\LittleJimmy\AppData\Roaming\PStrip.ini

[2011.12.06 08:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll

[2011.12.06 08:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll

[2011.12.06 04:27:36 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat

[2011.12.06 04:27:36 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat

[2011.11.24 05:29:36 | 000,406,336 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe

[2011.11.14 21:47:22 | 000,608,507 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2011.09.24 21:24:45 | 000,010,240 | ---- | C] () -- C:\Users\LittleJimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll

[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll

[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll

[2011.09.13 02:06:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat

[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat

[2011.09.07 19:27:32 | 002,328,806 | ---- | C] () -- C:\Users\LittleJimmy\AppData\Roaming\47 DE

[2011.09.05 20:57:32 | 000,000,041 | --S- | C] () -- C:\ProgramData\.zreglib

[2011.09.05 20:28:06 | 000,000,099 | ---- | C] () -- C:\Users\LittleJimmy\AppData\Local\fusioncache.dat

[2011.09.02 04:00:49 | 000,139,048 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2011.09.02 04:00:49 | 000,138,056 | ---- | C] () -- C:\Users\LittleJimmy\AppData\Roaming\PnkBstrK.sys

[2011.09.02 04:00:29 | 000,282,296 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2011.09.02 04:00:28 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2011.09.02 04:00:27 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe

[2011.09.01 07:10:12 | 000,000,004 | ---- | C] () -- C:\Users\LittleJimmy\AppData\Roaming\steam_md4.dat

[2011.08.26 04:44:03 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2011.08.24 02:52:29 | 000,028,672 | ---- | C] () -- C:\Windows\System32\newdll.dll

[2011.04.10 03:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2010.09.21 10:03:52 | 000,034,466 | ---- | C] () -- C:\Program Files\apps.ini

[2010.09.21 10:03:52 | 000,000,959 | ---- | C] () -- C:\Program Files\mirrors.ini

[2010.05.17 10:29:02 | 007,692,800 | ---- | C] () -- C:\Program Files\QtGui4.dll

[2010.03.25 11:57:36 | 002,066,944 | ---- | C] () -- C:\Program Files\QtCore4.dll

[2010.03.22 11:59:00 | 000,666,624 | ---- | C] () -- C:\Program Files\QtNetwork4.dll

 

========== LOP Check ==========

 

[2012.07.18 10:44:38 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\.minecraft

[2012.05.19 13:06:10 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Audacity

[2011.11.30 06:21:28 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Babylon

[2012.01.08 21:57:33 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\BANDISOFT

[2012.07.23 09:52:01 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\DAEMON Tools Lite

[2011.09.25 01:07:45 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\DAEMON Tools Pro

[2011.08.24 03:04:31 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\dll-files.com

[2012.01.25 06:38:20 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\DriverCure

[2011.09.22 20:45:20 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\GetRightToGo

[2011.09.05 20:13:42 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\ImgBurn

[2011.08.24 19:34:32 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Leadertech

[2011.09.07 21:56:16 | 000,000,000 | R-SD | M] -- C:\Users\LittleJimmy\AppData\Roaming\main

[2011.11.12 07:04:30 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\MediaCenter Programs

[2012.01.20 20:56:45 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\MW3 FoV Changer

[2012.06.25 17:24:47 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Nitro PDF

[2012.07.30 11:30:58 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\OpenCandy

[2012.07.06 10:45:49 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Opera

[2011.12.05 22:09:43 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Origin

[2011.09.01 06:46:08 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\PFStaticIP

[2011.08.24 04:29:35 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Publish Providers

[2012.05.22 19:54:26 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Rovio

[2012.02.02 08:01:24 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Sony

[2011.08.25 08:53:16 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Subversion

[2012.01.05 06:21:04 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\SystemRequirementsLab

[2011.10.06 06:36:52 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\TS3Client

[2011.10.19 07:54:33 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Tunngle

[2012.08.01 13:34:05 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\uTorrent

[2012.02.02 08:28:04 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Win7codecs

[2012.07.31 18:00:00 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job

[2012.04.12 03:21:07 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.* >

[2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2011.08.04 10:04:14 | 000,000,223 | ---- | M] () -- C:\Boot.BAK

[2011.08.24 02:42:56 | 000,000,367 | RHS- | M] () -- C:\Boot.ini.saved

[2010.11.20 14:40:07 | 000,383,786 | R-S- | M] () -- C:\bootmgr

[2011.08.24 02:42:57 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2011.08.24 02:22:12 | 000,438,840 | R-S- | M] () -- C:\bootxe1

[2012.07.31 14:57:31 | 000,017,296 | ---- | M] () -- C:\ComboFix.txt

[2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2011.03.03 23:37:31 | 000,000,237 | ---- | M] () -- C:\debugInstaller.txt

[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt

[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt

[2007.11.07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt

[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt

[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt

[2007.11.07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt

[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt

[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt

[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt

[2007.11.07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini

[2012.08.01 07:06:45 | 1597,378,560 | -HS- | M] () -- C:\hiberfil.sys

[2007.11.07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini

[2007.11.07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll

[2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll

[2007.11.07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll

[2007.11.07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll

[2007.11.07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll

[2007.11.07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll

[2007.11.07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll

[2007.11.07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll

[2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll

[2010.11.17 07:13:14 | 000,000,000 | R-S- | M] () -- C:\IO.SYS

[2010.11.17 07:13:14 | 000,000,000 | R-S- | M] () -- C:\MSDOS.SYS

[2008.04.14 11:00:00 | 000,047,564 | R-S- | M] () -- C:\NTDETECT.COM

[2008.04.14 11:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2012.08.01 07:06:47 | 2129,838,080 | -HS- | M] () -- C:\pagefile.sys

[2000.10.15 17:17:40 | 000,005,583 | ---- | M] () -- C:\PCT.NFO

[2000.10.13 22:41:28 | 000,108,032 | ---- | M] (Pz Crack Team) -- C:\PZ_FT2K.EXE

[2008.03.23 09:54:51 | 000,105,230 | ---- | M] () -- C:\pz_ft2k.zip

[2011.11.06 06:58:13 | 000,002,000 | ---- | M] () -- C: stamps.log

[2011.11.30 06:23:10 | 000,000,237 | ---- | M] () -- C:\user.js

[2007.11.07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp

[2007.11.07 17:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab

[2007.11.07 17:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

[2011.08.24 02:22:12 | 000,171,136 | R-S- | M] () -- C:\XELD1

[2011.08.24 02:22:12 | 000,009,216 | R-S- | M] () -- C:\XELD1.1st

 

< %USERPROFILE%\*.* >

[2012.08.01 13:33:38 | 008,126,464 | --S- | M] () -- C:\Users\LittleJimmy\NTUSER.DAT

[2012.08.01 13:33:38 | 000,262,144 | --S- | M] () -- C:\Users\LittleJimmy\ntuser.dat.LOG1

[2011.08.24 02:06:57 | 000,000,000 | --S- | M] () -- C:\Users\LittleJimmy\ntuser.dat.LOG2

[2011.08.24 02:23:06 | 000,065,536 | -HS- | M] () -- C:\Users\LittleJimmy\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf

[2011.08.24 02:23:06 | 000,524,288 | -HS- | M] () -- C:\Users\LittleJimmy\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms

[2011.08.24 02:23:06 | 000,524,288 | -HS- | M] () -- C:\Users\LittleJimmy\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms

[2011.08.24 02:06:57 | 000,000,020 | -HS- | M] () -- C:\Users\LittleJimmy\ntuser.ini

 

< %USERPROFILE%\AppData\Local\*.* >

[2012.06.03 13:10:41 | 000,010,240 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.09.05 20:28:06 | 000,000,099 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Local\fusioncache.dat

[2012.06.25 18:28:02 | 000,062,248 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Local\GDIPFONTCACHEV1.DAT

[2012.08.01 07:05:18 | 002,454,342 | -H-- | M] () -- C:\Users\LittleJimmy\AppData\Local\IconCache.db

 

< %USERPROFILE%\AppData\Roaming\*.* >

[2011.11.12 06:51:35 | 002,328,806 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Roaming\47 DE

[2012.01.03 11:12:43 | 000,138,056 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Roaming\PnkBstrK.sys

[2012.01.04 16:13:33 | 000,009,132 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Roaming\PStrip.bak

[2011.12.16 21:14:34 | 000,003,423 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Roaming\PStrip.bk!

[2012.01.01 18:24:08 | 000,009,132 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Roaming\PStrip.bko

[2012.01.04 16:26:09 | 000,009,132 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Roaming\PStrip.ini

[2011.12.10 11:33:58 | 011,296,768 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Roaming\Sandra.mdb

[2011.09.01 07:10:12 | 000,000,004 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Roaming\steam_md4.dat

 

< %ProgramData%\*.* >

[2011.09.06 02:21:39 | 000,000,041 | --S- | M] () -- C:\ProgramData\.zreglib

[2011.11.03 07:34:48 | 000,000,032 | R--- | M] () -- C:\ProgramData\hash.dat

[2012.06.25 18:26:46 | 000,001,586 | ---- | M] () -- C:\ProgramData\hpzinstall.log

 

< %CommonProgramFiles%\*.* >

 

< %CommonProgramFiles%\ComObjects*.* >

 

< %PROGRAMFILES%\*.* >

[2010.09.21 10:03:52 | 000,034,466 | ---- | M] () -- C:\Program Files\apps.ini

[2010.09.21 10:04:10 | 000,074,179 | ---- | M] () -- C:\Program Files\changelog.txt

[2009.07.14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

[2010.05.18 14:46:32 | 000,397,312 | ---- | M] (Firelight Technologies) -- C:\Program Files\fmodex.dll

[2010.09.21 10:03:52 | 000,000,959 | ---- | M] () -- C:\Program Files\mirrors.ini

[2010.03.25 11:57:36 | 002,066,944 | ---- | M] () -- C:\Program Files\QtCore4.dll

[2010.05.17 10:29:02 | 007,692,800 | ---- | M] () -- C:\Program Files\QtGui4.dll

[2010.03.22 11:59:00 | 000,666,624 | ---- | M] () -- C:\Program Files\QtNetwork4.dll

[2010.09.21 10:04:10 | 007,054,080 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Program Files s3client_win32.exe

 

< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >

 

< %systemroot%\system32\config\systemprofile\AppData\Roaming\*.* >

 

< %windir%\SysWOW64\config\systemprofile\AppData\Local\*.* >

 

< %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.* >

 

< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* >

 

< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* >

[2012.07.31 15:49:35 | 000,000,260 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\wmpnsslog00.sqm

 

< %windir% emp\*.* >

[2012.08.01 08:06:09 | 000,000,608 | ---- | M] () -- C:\Windows emp\fwtsqmfile00.sqm

[2012.08.01 09:17:35 | 000,003,643 | ---- | M] () -- C:\Windows emp\hpqddsvc.log

[2012.08.01 05:06:39 | 000,000,878 | ---- | M] () -- C:\Windows emp\MpCmdRun.log

[2012.08.01 00:29:54 | 000,003,996 | ---- | M] () -- C:\Windows emp\MpSigStub.log

[3 C:\Windows emp\*.tmp files -> C:\Windows emp\*.tmp -> ]

 

< %windir%\minidump\*.* >

 

< %windir%\*. >

[2009.07.14 06:52:31 | 000,000,000 | ---D | M] -- C:\Windows\addins

[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\Windows\AppCompat

[2012.07.31 14:53:11 | 000,000,000 | ---D | M] -- C:\Windows\AppPatch

[2012.07.20 21:23:20 | 000,000,000 | R-SD | M] -- C:\Windows\assembly

[2009.07.14 06:52:30 | 000,000,000 | ---D | M] -- C:\Windows\Boot

[2009.07.14 06:52:30 | 000,000,000 | ---D | M] -- C:\Windows\Branding

[2009.07.14 06:52:31 | 000,000,000 | ---D | M] -- C:\Windows\Cursors

[2012.04.17 16:42:02 | 000,000,000 | ---D | M] -- C:\Windows\Datecs

[2012.07.23 09:51:59 | 000,000,000 | ---D | M] -- C:\Windows\debug

[2009.07.14 06:52:30 | 000,000,000 | ---D | M] -- C:\Windows\diagnostics

[2009.07.14 06:56:48 | 000,000,000 | ---D | M] -- C:\Windows\DigitalLocker

[2011.08.24 02:28:28 | 000,000,000 | ---D | M] -- C:\Windows\Downloaded Program Files

[2012.01.11 13:00:34 | 000,000,000 | ---D | M] -- C:\Windows\ehome

[2009.07.14 06:56:48 | 000,000,000 | ---D | M] -- C:\Windows\en-US

[2012.07.31 14:56:32 | 000,000,000 | ---D | M] -- C:\Windows\erdnt

[2012.06.25 18:22:49 | 000,000,000 | R-SD | M] -- C:\Windows\Fonts

[2009.07.14 09:54:32 | 000,000,000 | ---D | M] -- C:\Windows\Globalization

[2011.08.24 02:44:03 | 000,000,000 | ---D | M] -- C:\Windows\Help

[2009.07.14 06:56:48 | 000,000,000 | ---D | M] -- C:\Windows\IME

[2012.08.01 07:11:38 | 000,000,000 | ---D | M] -- C:\Windows\inf

[2012.07.30 15:14:23 | 000,000,000 | -HSD | M] -- C:\Windows\Installer

[2009.07.14 06:52:31 | 000,000,000 | ---D | M] -- C:\Windows\L2Schemas

[2011.12.14 06:31:45 | 000,000,000 | ---D | M] -- C:\Windows\Left 4 Dead

[2012.01.15 05:12:25 | 000,000,000 | ---D | M] -- C:\Windows\LiveKernelReports

[2012.06.27 08:35:09 | 000,000,000 | ---D | M] -- C:\Windows\Logs

[2009.07.14 06:52:32 | 000,000,000 | R-SD | M] -- C:\Windows\Media

[2012.06.13 02:30:58 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET

[2012.07.30 15:03:36 | 000,000,000 | ---D | M] -- C:\Windows\Minidump

[2009.07.14 04:04:03 | 000,000,000 | ---D | M] -- C:\Windows\ModemLogs

[2009.07.14 06:52:32 | 000,000,000 | ---D | M] -- C:\Windows\Offline Web Pages

[2011.08.24 02:05:52 | 000,000,000 | ---D | M] -- C:\Windows\Panther

[2009.07.14 06:52:30 | 000,000,000 | ---D | M] -- C:\Windows\Performance

[2009.07.14 04:37:07 | 000,000,000 | ---D | M] -- C:\Windows\PLA

[2012.06.26 20:57:16 | 000,000,000 | ---D | M] -- C:\Windows\PolicyDefinitions

[2012.08.01 13:27:30 | 000,000,000 | ---D | M] -- C:\Windows\Prefetch

[2012.01.04 21:24:27 | 000,000,000 | ---D | M] -- C:\Windows\pss

[2011.09.02 04:03:58 | 000,000,000 | ---D | M] -- C:\Windows\Registration

[2012.06.27 00:26:50 | 000,000,000 | ---D | M] -- C:\Windows\rescache

[2009.07.14 06:52:30 | 000,000,000 | ---D | M] -- C:\Windows\Resources

[2009.07.14 04:05:02 | 000,000,000 | ---D | M] -- C:\Windows\SchCache

[2009.07.14 06:52:30 | 000,000,000 | ---D | M] -- C:\Windows\schemas

[2009.07.14 04:37:07 | 000,000,000 | ---D | M] -- C:\Windows\security

[2009.07.14 06:34:14 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles

[2011.12.06 18:36:00 | 000,000,000 | ---D | M] -- C:\Windows\servicing

[2009.07.14 06:34:16 | 000,000,000 | ---D | M] -- C:\Windows\Setup

[2009.07.14 09:48:41 | 000,000,000 | ---D | M] -- C:\Windows\ShellNew

[2012.08.01 07:10:04 | 000,000,000 | ---D | M] -- C:\Windows\SoftwareDistribution

[2009.07.14 06:56:47 | 000,000,000 | ---D | M] -- C:\Windows\Speech

[2012.02.02 04:11:22 | 000,000,000 | ---D | M] -- C:\Windows\Sun

[2009.07.14 06:52:31 | 000,000,000 | ---D | M] -- C:\Windows\system

[2012.08.01 07:11:38 | 000,000,000 | ---D | M] -- C:\Windows\System32

[2009.07.14 06:46:36 | 000,000,000 | ---D | M] -- C:\Windows\TAPI

[2012.07.30 15:40:21 | 000,000,000 | ---D | M] -- C:\Windows\Tasks

[2012.08.01 13:27:21 | 000,000,000 | ---D | M] -- C:\Windows emp

[2012.08.01 13:34:35 | 000,000,000 | ---D | M] -- C:\Windows racing

[2012.06.25 18:22:05 | 000,000,000 | ---D | M] -- C:\Windows wain_32

[2011.10.01 06:04:06 | 000,000,000 | ---D | M] -- C:\Windows\USB Vibration

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\Vss

[2009.07.14 06:52:30 | 000,000,000 | ---D | M] -- C:\Windows\Web

[2012.07.11 03:21:05 | 000,000,000 | ---D | M] -- C:\Windows\winsxs

 

< %windir%\installer\*. >

[2011.09.01 18:15:36 | 000,000,000 | -HSD | M] -- C:\Windows\installer\$PatchCache$

[2011.08.24 08:02:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}

[2011.08.25 21:46:49 | 000,000,000 | ---D | M] -- C:\Windows\installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}

[2011.09.12 23:24:07 | 000,000,000 | ---D | M] -- C:\Windows\installer\{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}

[2011.10.23 17:20:06 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}

[2011.08.24 08:03:06 | 000,000,000 | ---D | M] -- C:\Windows\installer\{08CA9554-B5FE-4313-938F-D4A417B81175}

[2012.06.13 23:23:11 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0A2A5039-B37F-489D-B1DC-A5258DF9E697}

[2012.02.08 23:24:07 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0D97F8D1-2102-53D2-5633-C992D6086801}

[2011.08.25 08:51:26 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0DB06704-7DB8-43FC-BE1D-8ACFEFA85C43}

[2012.02.08 23:24:02 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}

[2012.02.08 23:24:01 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0EB86B70-91FF-39BF-633C-785DF2218CC6}

[2012.01.24 03:24:30 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0FB261F3-6F16-43FD-A404-F377C169B937}

[2011.10.04 01:43:02 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0FE9ED74-A83F-44CD-B08D-8D2DDB590C3F}

[2012.07.30 15:13:38 | 000,000,000 | ---D | M] -- C:\Windows\installer\{1111706F-666A-4037-7777-211328764D10}

[2012.02.08 20:34:49 | 000,000,000 | ---D | M] -- C:\Windows\installer\{15C9BD50-860B-4A2D-A3B1-18C79D6779A0}

[2012.02.08 23:24:01 | 000,000,000 | ---D | M] -- C:\Windows\installer\{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}

[2012.02.08 23:24:00 | 000,000,000 | ---D | M] -- C:\Windows\installer\{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}

[2012.06.25 18:22:19 | 000,000,000 | ---D | M] -- C:\Windows\installer\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}

[2011.11.12 06:59:49 | 000,000,000 | ---D | M] -- C:\Windows\installer\{2165FE17-CEB4-4B94-981E-F5EFC9AFB37D}

[2012.06.15 11:14:08 | 000,000,000 | ---D | M] -- C:\Windows\installer\{2315B23D-3E21-4920-837D-AE6460934ECB}

[2011.11.03 19:18:17 | 000,000,000 | ---D | M] -- C:\Windows\installer\{26A24AE4-039D-4CA4-87B4-2F83216029FF}

[2011.12.09 08:35:29 | 000,000,000 | ---D | M] -- C:\Windows\installer\{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}

[2012.02.08 23:24:01 | 000,000,000 | ---D | M] -- C:\Windows\installer\{298C6691-46B2-2065-0DD7-1E7B3B669A47}

[2011.09.12 22:56:10 | 000,000,000 | ---D | M] -- C:\Windows\installer\{2BF0AE92-C3BC-4112-9066-1546342B1FAE}

[2011.10.23 17:01:02 | 000,000,000 | ---D | M] -- C:\Windows\installer\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}

[2012.02.08 23:22:40 | 000,000,000 | ---D | M] -- C:\Windows\installer\{2E2253E9-3EAD-D9DF-EDCA-A893551EB081}

[2012.02.08 23:23:58 | 000,000,000 | ---D | M] -- C:\Windows\installer\{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}

[2011.12.12 06:12:00 | 000,000,000 | ---D | M] -- C:\Windows\installer\{3AC8457C-0385-4BEA-A959-E095F05D6D67}

[2011.09.14 02:22:35 | 000,000,000 | ---D | M] -- C:\Windows\installer\{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}

[2012.02.08 23:24:05 | 000,000,000 | ---D | M] -- C:\Windows\installer\{400C5445-1AE8-1A41-CAC6-AB114341F65D}

[2012.01.20 05:33:18 | 000,000,000 | ---D | M] -- C:\Windows\installer\{434D0FA0-1558-4D8E-AC3D-BD1000008200}

[2012.02.08 23:24:06 | 000,000,000 | ---D | M] -- C:\Windows\installer\{448B1C6D-02C2-7681-66B2-624E58B25375}

[2012.02.08 23:24:04 | 000,000,000 | ---D | M] -- C:\Windows\installer\{46EB9D45-FC1A-2635-1693-176E6FA1C672}

[2012.02.02 08:02:03 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5AC11070-A1CB-11E0-A0DC-0013D3D69929}

[2012.02.08 23:24:04 | 000,000,000 | ---D | M] -- C:\Windows\installer\{651F43AA-3F06-9277-6F1B-8E8155017463}

[2012.02.08 23:24:06 | 000,000,000 | ---D | M] -- C:\Windows\installer\{68DE32E1-292B-6A02-6A53-935BFAE70C99}

[2012.06.25 18:23:05 | 000,000,000 | ---D | M] -- C:\Windows\installer\{7059BDA7-E1DB-442C-B7A1-6144596720A4}

[2011.09.12 23:32:55 | 000,000,000 | ---D | M] -- C:\Windows\installer\{750C87B8-AF19-4C3C-B791-50D9C83AE572}

[2012.06.26 20:56:13 | 000,000,000 | ---D | M] -- C:\Windows\installer\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}

[2012.02.08 23:24:00 | 000,000,000 | ---D | M] -- C:\Windows\installer\{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}

[2012.02.08 23:24:02 | 000,000,000 | ---D | M] -- C:\Windows\installer\{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}

[2012.06.26 20:51:39 | 000,000,000 | ---D | M] -- C:\Windows\installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

[2012.05.11 21:16:35 | 000,000,000 | ---D | M] -- C:\Windows\installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

[2012.02.02 08:28:26 | 000,000,000 | ---D | M] -- C:\Windows\installer\{8C0CAA7A-3272-4991-A808-2C7559DE3409}

[2011.12.04 19:23:48 | 000,000,000 | ---D | M] -- C:\Windows\installer\{9530AE42-DAE1-4619-9594-B23487285D17}

[2012.02.08 23:24:03 | 000,000,000 | ---D | M] -- C:\Windows\installer\{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}

[2011.09.12 23:03:32 | 000,000,000 | ---D | M] -- C:\Windows\installer\{9F01A67B-7D67-482F-9D4F-D5980A440FD4}

[2012.02.08 23:24:18 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A146E311-4ABF-57D5-3773-92D303458BEC}

[2012.02.08 23:24:20 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A25FF1C0-80B6-4B8B-A551-DC525697A408}

[2012.02.08 23:22:41 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A33A89D0-2F48-FD1C-A243-9073EE0592E0}

[2012.02.08 23:23:58 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}

[2011.11.04 04:32:46 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AA59DDE4-B672-4621-A016-4C248204957A}

[2012.02.08 23:24:08 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}

[2012.02.08 23:22:53 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B33D8DA3-28E5-2EA8-CC16-8D8A9CED91C4}

[2011.09.24 21:22:46 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}

[2012.02.08 23:23:59 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}

[2012.01.01 01:08:08 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B9A17C96-1348-45CB-BB0A-1BCB3A0F854E}

[2012.02.08 23:23:59 | 000,000,000 | ---D | M] -- C:\Windows\installer\{BAE1C0A8-634D-CFF1-0E0C-893092427D34}

[2012.02.02 09:51:47 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}

[2012.02.08 23:24:03 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C2DEC505-79A9-E952-32B0-31B67B83E231}

[2012.02.08 23:24:14 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}

[2011.09.12 23:13:22 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}

[2012.07.19 14:04:09 | 000,000,000 | ---D | M] -- C:\Windows\installer\{CC419DDC-E0F0-4013-B25A-6FA036516F0D}

[2012.02.08 23:24:00 | 000,000,000 | ---D | M] -- C:\Windows\installer\{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}

[2011.12.26 06:15:58 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D0A05794-48C2-4424-A15A-9F20FCFDD374}

[2012.06.25 18:23:31 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D79113E7-274C-470B-BD46-01B10219DF6A}

[2011.09.12 22:36:26 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D80A6A73-E58A-4673-AFF5-F12D7110661F}

[2012.02.02 07:45:00 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}

[2012.02.08 23:24:10 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DB3D1784-421D-9942-3AC4-D90B18615BBC}

[2012.06.25 18:23:44 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DC635845-46D3-404B-BCB1-FC4A91091AFA}

[2011.09.10 04:19:01 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DDEC1AF0-0C66-43B2-A0FC-A82648E8D36A}

[2012.02.08 23:24:04 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DE460826-5E72-2357-154F-E376F9926008}

[2012.02.08 23:24:03 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E21FFD29-D231-3BD3-6941-15710E44BED4}

[2012.02.08 23:24:06 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}

[2011.10.23 17:20:32 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F2508213-9989-4E85-A078-72BE483917EF}

[2012.06.28 03:00:46 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

[2012.02.08 23:24:05 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F9929777-7B6E-F53D-3105-1C06E5120CA1}

 

< %windir%\system32\*. >

[2012.02.16 13:03:06 | 000,000,000 | -HSD | M] -- C:\Windows\system32\%APPDATA%

[2009.07.14 06:56:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\0409

[2011.12.06 18:35:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\AdvancedInstallers

[2009.07.14 04:37:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\ar-SA

[2009.07.14 04:37:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\bg-BG

[2011.12.06 18:35:28 | 000,000,000 | ---D | M] -- C:\Windows\system32\Boot

[2012.07.11 03:02:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot

[2012.07.11 03:02:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot2

[2011.08.24 01:53:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\CodeIntegrity

[2009.07.14 06:56:47 | 000,000,000 | ---D | M] -- C:\Windows\system32\com

[2012.08.01 09:28:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\config

[2011.12.06 18:35:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\cs-CZ

[2011.12.06 18:35:58 | 000,000,000 | ---D | M] -- C:\Windows\system32\da-DK

[2009.07.14 04:37:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\de-DE

[2012.04.11 20:43:03 | 000,000,000 | ---D | M] -- C:\Windows\system32\directx

[2011.12.06 18:35:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\Dism

[2012.07.31 14:53:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\drivers

[2012.06.26 20:54:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\DriverStore

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\el-GR

[2011.12.06 18:35:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\en

[2012.06.26 20:57:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\en-US

[2011.12.06 18:35:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\es-ES

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\et-EE

[2011.12.06 18:15:25 | 000,000,000 | ---D | M] -- C:\Windows\system32\EventProviders

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\fi-FI

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\fr-FR

[2009.07.14 06:42:25 | 000,000,000 | ---D | M] -- C:\Windows\system32\FxsTmp

[2009.07.14 04:03:57 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicy

[2009.07.14 04:03:57 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicyUsers

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\he-IL

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\hr-HR

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\hu-HU

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\ias

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\icsxml

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\IME

[2009.07.14 04:05:45 | 000,000,000 | ---D | M] -- C:\Windows\system32\inetsrv

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\it-IT

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\ja-JP

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\ko-KR

[2011.09.02 04:00:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\LogFiles

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\lt-LT

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\lv-LV

[2012.06.13 23:19:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\Macromed

[2011.12.06 18:35:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\manifeststore

[2009.07.14 06:34:06 | 000,000,000 | --SD | M] -- C:\Windows\system32\Microsoft

[2012.07.11 03:18:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\migration

[2011.12.06 18:35:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\migwiz

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\Msdtc

[2009.07.14 06:56:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\MUI

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\nb-NO

[2012.06.01 20:50:45 | 000,000,000 | ---D | M] -- C:\Windows\system32\NDF

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\NetworkList

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\nl-NL

[2011.12.06 18:35:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\oobe

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\pl-PL

[2009.07.14 06:56:47 | 000,000,000 | ---D | M] -- C:\Windows\system32\Printing_Admin_Scripts

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-BR

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-PT

[2012.02.02 09:51:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\QuickTime

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\ras

[2009.07.14 09:19:12 | 000,000,000 | ---D | M] -- C:\Windows\system32\Recovery

[2011.08.24 02:42:06 | 000,000,000 | ---D | M] -- C:\Windows\system32\restore

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\ro-RO

[2012.02.02 03:12:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\RTCOM

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\ru-RU

[2011.12.06 18:35:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\Setup

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\sk-SK

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\sl-SI

[2009.07.14 06:56:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\slmgr

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\SMI

[2009.07.14 06:52:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\Speech

[2009.07.14 06:41:18 | 000,000,000 | ---D | M] -- C:\Windows\system32\spool

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\spp

[2011.12.06 18:35:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\sppui

[2011.12.06 18:16:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\SPReview

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\sr-Latn-CS

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\sv-SE

[2011.12.06 18:35:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\sysprep

[2012.07.30 15:40:21 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32 h-TH

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32 r-TR

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\uk-UA

[2011.09.02 04:03:18 | 000,000,000 | ---D | M] -- C:\Windows\system32\URTTEMP

[2011.12.07 13:00:41 | 000,000,000 | ---D | M] -- C:\Windows\system32\Wat

[2011.12.06 18:35:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\wbem

[2009.07.14 06:56:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\WCN

[2011.09.07 19:50:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\wdi

[2009.07.14 06:54:47 | 000,000,000 | ---D | M] -- C:\Windows\system32\wfp

[2009.07.14 06:52:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\WinBioDatabase

[2009.07.14 06:56:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\WinBioPlugIns

[2009.07.14 06:52:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\WindowsPowerShell

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\winevt

[2009.07.14 06:56:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\winrm

[2011.10.23 17:00:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\xlive

[2009.07.14 04:37:10 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-CN

[2009.07.14 04:37:10 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-HK

[2009.07.14 04:37:10 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-TW

 

< %windir%\sysnative\*. >

 

< %Temp%\smtmp\1\*.* >

 

< %Temp%\smtmp\2\*.* >

 

< %Temp%\smtmp\3\*.* >

 

< %Temp%\smtmp\4\*.* >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\syswow64\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /90 >

[2012.06.02 06:40:59 | 000,369,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\cng.sys

[2012.06.02 06:45:04 | 000,067,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys

[2012.06.02 06:45:03 | 000,134,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecpkg.sys

[2012.07.22 08:47:39 | 000,139,048 | ---- | M] () -- C:\Windows\system32\drivers\PnkBstrK.sys

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

[2011.09.24 01:50:46 | 000,443,448 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

 

< %systemroot%\syswow64\drivers\*.sys /90 >

 

< %systemroot%\syswow64\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2009.07.14 03:15:26 | 000,090,624 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\HPZPPWN7.DLL

[2009.07.14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll

[2010.11.20 14:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\winprint.dll

 

< %systemroot%\*. /rp /s >

 

< %systemroot%\assembly mp\*.* /S /MD5 >

 

< %systemroot%\assembly emp\*.* /S /MD5 >

 

< %systemroot%\assembly\GAC\*.* /S /MD5 >

[2011.09.02 04:03:17 | 000,007,680 | ---- | M] () MD5=A1B44C0A1AD71F86579A4521D5B1C024 -- C:\Windows\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll

[2011.09.02 04:03:41 | 000,000,204 | ---- | M] () MD5=BB2024692375E7B3DC715FD36D6DA21D -- C:\Windows\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:16 | 000,012,288 | ---- | M] () MD5=CF9A10CC1C8DE1E6DD08BD9B01A23214 -- C:\Windows\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll

[2011.09.02 04:03:41 | 000,000,200 | ---- | M] () MD5=48637E9B07EE9A3D9856B007594AA8C8 -- C:\Windows\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 000,033,792 | ---- | M] () MD5=C8452D936F459621E9E46C17536D3AA2 -- C:\Windows\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll

[2011.09.02 04:03:41 | 000,000,207 | ---- | M] () MD5=C318126AF628FF38BEE6DDEBD9B9E19C -- C:\Windows\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:18 | 000,007,168 | ---- | M] () MD5=ADDF3EA35E004D1DE6CCD6FDFFB3E905 -- C:\Windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll

[2011.09.02 04:03:42 | 000,000,203 | ---- | M] () MD5=ADD54D3191FFDEB89E8D79AEC2057FD8 -- C:\Windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 000,032,768 | ---- | M] () MD5=EC8034E50C724BE068208A8A14AEC8FF -- C:\Windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll

[2011.09.02 04:03:42 | 000,000,197 | ---- | M] () MD5=01F7BB5B2B8E0A6AE32DEE5CF469F893 -- C:\Windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 000,004,608 | ---- | M] () MD5=F56F7F4573B8B1462B987ACD8BAD6CA7 -- C:\Windows\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll

[2011.09.02 04:03:42 | 000,000,198 | ---- | M] () MD5=61974BE23726FD9273BAFE17FFFDFB42 -- C:\Windows\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 000,026,112 | ---- | M] () MD5=6F49E32BE316740CE0900DD7F6FD0300 -- C:\Windows\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll

[2011.09.02 04:03:42 | 000,000,202 | ---- | M] () MD5=205A17C01940F9D9E102CC21E2D380FB -- C:\Windows\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2012.07.20 21:23:17 | 000,053,248 | ---- | M] () MD5=75933586AFD94EA24C5ACD3DBC89A272 -- C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

[2012.07.20 21:23:17 | 000,000,329 | ---- | M] () MD5=28F5D34F92E1E166344A5310CC09A2A9 -- C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012.07.20 21:23:17 | 000,012,800 | ---- | M] () MD5=C0843F0F45EDEEF233B1E581AE75E3BB -- C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

[2012.07.20 21:23:17 | 000,000,315 | ---- | M] () MD5=BCE47F2CB1E4BA51623DE6788B130AD8 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012.07.20 21:23:18 | 000,473,600 | ---- | M] () MD5=7AD4D9FABD109432EED91B359CEAE430 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

[2012.07.20 21:23:18 | 000,000,309 | ---- | M] () MD5=001E1B067B4E655E6EFDED4368040492 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012.06.15 11:09:37 | 002,676,224 | ---- | M] () MD5=A73E7421449CCA62B0561BAD4C8EF23D -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

[2012.06.15 11:09:37 | 000,000,311 | ---- | M] () MD5=916B0E901C913BAD868A270AF6F67D4B -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012.06.15 11:09:37 | 002,846,720 | ---- | M] () MD5=5E2B8B8A5ED016468716B9FF82A1806F -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

[2012.06.15 11:09:37 | 000,000,311 | ---- | M] () MD5=ED56574733F343954790AD5E30D37AF6 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012.06.15 11:09:38 | 000,563,712 | ---- | M] () MD5=D3F1922325BE8E7E1C72BFD8179454CE -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

[2012.06.15 11:09:38 | 000,000,311 | ---- | M] () MD5=4B05D84931819F08CF340ED11C364821 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012.06.15 11:09:38 | 000,567,296 | ---- | M] () MD5=FB3BC0754921873A65F5FBDCA845E6EE -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

[2012.06.15 11:09:38 | 000,000,311 | ---- | M] () MD5=1D818110B97135312729F83BA90D0EFB -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012.07.20 21:23:19 | 000,576,000 | ---- | M] () MD5=AFCF5F50C632F3A5598ABC28F196D77C -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

[2012.07.20 21:23:19 | 000,000,311 | ---- | M] () MD5=916CBB2BEF64F583E7F351D8071BDA52 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012.06.15 11:09:39 | 000,577,024 | ---- | M] () MD5=CCD53738DF4FA27849B6BB05DD67D10D -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

[2012.06.15 11:09:39 | 000,000,311 | ---- | M] () MD5=0E91A538346C322C3476E7D0AB2892E2 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012.06.15 11:09:40 | 000,577,536 | ---- | M] () MD5=43C280C3B15CEB2472AB560D09629664 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

[2012.06.15 11:09:40 | 000,000,311 | ---- | M] () MD5=41C8E8B08650D1BAF38461614FC813FB -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012.06.15 11:09:40 | 000,577,536 | ---- | M] () MD5=490807C150B7D8BE44BDE871F4DF8C56 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

[2012.06.15 11:09:40 | 000,000,311 | ---- | M] () MD5=84E82B6C393F3361C9584C68CC9D711A -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012.06.15 11:09:40 | 000,578,560 | ---- | M] () MD5=933085360527DE1B4947289CA468184E -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

[2012.06.15 11:09:40 | 000,000,311 | ---- | M] () MD5=86157568F45B1061146315A02201F1AA -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012.06.15 11:09:41 | 000,578,560 | ---- | M] () MD5=25C76C1E29D3E8E7398F0901F558A629 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

[2012.06.15 11:09:41 | 000,000,311 | ---- | M] () MD5=51D6335E1DD1D17B20459D40A2ADE917 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012.07.20 21:23:19 | 000,145,920 | ---- | M] () MD5=D9824A9DD107E598575112B4FF897292 -- C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

[2012.07.20 21:23:19 | 000,000,313 | ---- | M] () MD5=5952B589AF986BD1E99BBB523CCA0502 -- C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012.07.20 21:23:19 | 000,159,232 | ---- | M] () MD5=CEBD995DDEAB2C525A5C4E95789BC961 -- C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

[2012.07.20 21:23:19 | 000,000,315 | ---- | M] () MD5=84265CF6B5661CC66F05BE36D1BCCE1A -- C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012.07.20 21:23:19 | 000,364,544 | ---- | M] () MD5=46F26E2BAFD44960E7F13B2EF80AA0BC -- C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

[2012.07.20 21:23:19 | 000,000,313 | ---- | M] () MD5=44D02F4F4680BDAACA777A1F90945C58 -- C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012.07.20 21:23:20 | 000,178,176 | ---- | M] () MD5=D035348EC8968861AF585B7132FE4C7B -- C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

[2012.07.20 21:23:20 | 000,000,315 | ---- | M] () MD5=AE057E85F8551299325AC4F23CF60CBB -- C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012.07.20 21:23:16 | 000,223,232 | ---- | M] () MD5=0C453970E89DB1C1EB9DE087E6EAB5BA -- C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

[2012.07.20 21:23:17 | 000,000,291 | ---- | M] () MD5=0E54C7405D65A314DE86464DCC6BB93E -- C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2009.07.14 06:42:34 | 000,356,352 | ---- | M] () MD5=DD2EB5E64619613C4C108CFB192F4950 -- C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\Microsoft.Ink.dll

[2009.07.14 06:42:34 | 000,000,325 | ---- | M] () MD5=3A74C27634435F509DC024FEEBE670E5 -- C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2009.07.14 06:42:34 | 000,516,096 | ---- | M] () MD5=A02EE61542CAAE25F8A44C9428D30247 -- C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\Microsoft.Ink.dll

[2009.07.14 06:42:34 | 000,000,328 | ---- | M] () MD5=FAF707724A740277714E33A65F4995BF -- C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\__AssemblyInfo__.ini

[2011.09.02 04:03:16 | 000,716,800 | ---- | M] () MD5=DB69A95F64275DA69F9F7D86F75BDB76 -- C:\Windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

[2011.09.02 04:03:41 | 000,000,208 | ---- | M] () MD5=846AE6C2B88A2CDFFE587803B09AC7F4 -- C:\Windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:15 | 000,028,672 | ---- | M] () MD5=9CD1C58E73C0625AC5E23F7FC1AF1206 -- C:\Windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

[2011.09.02 04:03:41 | 000,000,216 | ---- | M] () MD5=608B92C691FD5DC3B3CAD2341549C8FA -- C:\Windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:16 | 000,299,008 | ---- | M] () MD5=5DB53627E3DB7B5B4BA567229CBA9554 -- C:\Windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

[2011.09.02 04:03:41 | 000,000,212 | ---- | M] () MD5=10CC94803F3B1620149E624BA846B598 -- C:\Windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:16 | 000,006,144 | ---- | M] () MD5=2C25CEB603DCF2455D11A38EE6004818 -- C:\Windows\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll

[2011.09.02 04:03:41 | 000,000,208 | ---- | M] () MD5=5E6FD4C5D6384BA72F429644AE341A6F -- C:\Windows\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:15 | 000,011,264 | ---- | M] () MD5=3DD8B8AE47C757425EDCE079FB4A5136 -- C:\Windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

[2011.09.02 04:03:41 | 000,000,224 | ---- | M] () MD5=E51DDEA7F9CE31666B33647B1FDCDA08 -- C:\Windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:15 | 000,032,768 | ---- | M] () MD5=24334C4B4F052FC53E9429EB9BAE0839 -- C:\Windows\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

[2011.09.02 04:03:41 | 000,000,204 | ---- | M] () MD5=8E9289A379DEA6760BB5F019972FD23A -- C:\Windows\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:15 | 000,006,656 | ---- | M] () MD5=9AEDA81060E1A316798747CD8C2E8617 -- C:\Windows\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

[2011.09.02 04:03:41 | 000,000,206 | ---- | M] () MD5=31EB11448890338B84A80EF6847DC617 -- C:\Windows\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 001,564,672 | ---- | M] () MD5=6F367F021CC3DFDCC3360EA0174550BE -- C:\Windows\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll

[2011.09.02 04:03:42 | 000,000,199 | ---- | M] () MD5=1C35C1079D6A0CF99D5A1D5AB4F040A0 -- C:\Windows\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:18 | 000,032,768 | ---- | M] () MD5=F395DA30BD59F6EB8F90142089FF2604 -- C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll

[2011.09.02 04:03:41 | 000,000,198 | ---- | M] () MD5=DD48A7074878058C930A5206AF7766E9 -- C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 000,077,824 | ---- | M] () MD5=8EF51657459A18090C95C04ACD5D83B2 -- C:\Windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

[2011.09.02 04:03:41 | 000,000,219 | ---- | M] () MD5=2EEDCC9C5A26943550DDCD9257327A2A -- C:\Windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:18 | 000,299,008 | ---- | M] () MD5=D77C1AC1ADBF30BC4B71E0FDBA6F8039 -- C:\Windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll

[2011.09.02 04:03:42 | 000,000,215 | ---- | M] () MD5=335F9DD4DC58C656E4C62D2850A3E630 -- C:\Windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 001,290,240 | ---- | M] () MD5=14622C6E31981388CE4DC7F839EDDD28 -- C:\Windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll

[2011.09.02 04:03:42 | 000,000,202 | ---- | M] () MD5=C00B71E0705727238265E389FB7DE9CD -- C:\Windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 001,699,840 | ---- | M] () MD5=B0A0807468D6DF95100E34BF39FB85D8 -- C:\Windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll

[2011.09.02 04:03:42 | 000,000,204 | ---- | M] () MD5=6DB739C50A8199C7155AF2659E719FF4 -- C:\Windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 000,086,016 | ---- | M] () MD5=E2E0BC9638132B5909D5C619D14BF80C -- C:\Windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

[2011.09.02 04:03:41 | 000,000,215 | ---- | M] () MD5=290F812212D6B860E93844571736B02D -- C:\Windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 000,065,536 | ---- | M] () MD5=DD195D8804E63C11EA2138784081CA5D -- C:\Windows\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

[2011.09.02 04:03:41 | 000,000,212 | ---- | M] () MD5=0CBE7A365A976FEA28644EF8C7C80FAC -- C:\Windows\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 000,466,944 | ---- | M] () MD5=5B8755429A40C7280FF9AD7B4194DF47 -- C:\Windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll

[2011.09.02 04:03:42 | 000,000,205 | ---- | M] () MD5=37471160EAC8655420484F50646456BA -- C:\Windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 000,241,664 | ---- | M] () MD5=F42A9C15C834CE54AF4401163E32AD6F -- C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

[2011.09.02 04:03:17 | 000,064,000 | ---- | M] () MD5=A8AFE311CC50E314AF958919D636BF92 -- C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll

[2011.09.02 04:03:41 | 000,000,216 | ---- | M] () MD5=5710D56889BC5A5412DDAF812FF19C1B -- C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 000,368,640 | ---- | M] () MD5=D24328CF719DE28FEFF9F1866988A785 -- C:\Windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll

[2011.09.02 04:03:42 | 000,000,208 | ---- | M] () MD5=29D9932F1F7248576F380348CA117397 -- C:\Windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 000,241,664 | ---- | M] () MD5=8E95594B96043271117854DD3AD8D922 -- C:\Windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll

[2011.09.02 04:03:42 | 000,000,207 | ---- | M] () MD5=FAFC38D31E4E6C9B662613DDFC30BC1C -- C:\Windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 000,323,584 | ---- | M] () MD5=BB08DD3D626CA86092E2CDEB444F432B -- C:\Windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll

[2011.09.02 04:03:43 | 000,000,214 | ---- | M] () MD5=2487BE8C01F4C6E88C76E662DF0BD3FE -- C:\Windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 000,131,072 | ---- | M] () MD5=5430D3DDFAB656F166F19D1931DBFB96 -- C:\Windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

[2011.09.02 04:03:43 | 000,000,235 | ---- | M] () MD5=16D5F01FC937273BF2574CB64E7E9370 -- C:\Windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 000,077,824 | ---- | M] () MD5=234EB9AD2640AC2D6EA0DED05D8AB19D -- C:\Windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll

[2011.09.02 04:03:41 | 000,000,206 | ---- | M] () MD5=F84854CBCA56EF22A27C7EB6FA598152 -- C:\Windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 000,126,976 | ---- | M] () MD5=630B48F7B4934BD7C22CB04C8D85CEE2 -- C:\Windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

[2011.09.02 04:03:41 | 000,000,212 | ---- | M] () MD5=1B2DB3B2BD1E3E6AB870A3A79C15C914 -- C:\Windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:18 | 000,819,200 | ---- | M] () MD5=AF9CB59A979A0C3E57E4CA8C30D13406 -- C:\Windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

[2011.09.02 04:03:43 | 000,000,208 | ---- | M] () MD5=5AB0C7C1A40A3652575615A384AECD81 -- C:\Windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 000,057,344 | ---- | M] () MD5=83CDE80C3C6F9E5D8485266C97086E2D -- C:\Windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

[2011.09.02 04:03:42 | 000,000,220 | ---- | M] () MD5=21DA1D0A991361AB8F6310F8CB1B273C -- C:\Windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 000,569,344 | ---- | M] () MD5=BDF6E8D14CA8EE86CD1AD795BE9A1A1D -- C:\Windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll

[2011.09.02 04:03:42 | 000,000,210 | ---- | M] () MD5=2BD15A466B023CB5D7AAB6F665169F7B -- C:\Windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 001,245,184 | ---- | M] () MD5=297276BF40B7C89929AEBB5E76B653FC -- C:\Windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

[2011.09.02 04:03:42 | 000,000,201 | ---- | M] () MD5=67A8AE9C1DE7C190A4D9E36BCAEA223D -- C:\Windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2011.09.02 04:03:18 | 002,039,808 | ---- | M] () MD5=02681152FE52FC6E91A812A8A9420D2F -- C:\Windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll

[2011.09.02 04:03:42 | 000,000,211 | ---- | M] () MD5=5B01C55B44FFD6B0AE357025A3EF9CA9 -- C:\Windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini

[2011.09.02 04:03:18 | 001,335,296 | ---- | M] () MD5=4E0351EE76439F1FC14914B5BFF7C9AE -- C:\Windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll

[2011.09.02 04:03:42 | 000,000,201 | ---- | M] () MD5=3D6B44C03DDCE51A850CD93BF9C701FE -- C:\Windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini

[2011.09.02 04:03:17 | 001,216,512 | ---- | M] () MD5=D4525BFFC6DE7DDD95E841104494704F -- C:\Windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

[2011.09.02 04:03:42 | 000,000,197 | ---- | M] () MD5=A9A0345904A70431074E3A39790ABDAC -- C:\Windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini

 

< %systemroot%\assembly\GAC_32\*.* /S /MD5 >

[2010.11.20 14:32:20 | 000,238,080 | ---- | M] () MD5=D6D26A698BCCD17AB0761E6221C5F3C4 -- C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll

[2010.11.05 03:57:39 | 000,069,120 | ---- | M] () MD5=C80DA476BFBAD97D874A0EFE037D7113 -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

[2010.11.05 03:57:43 | 000,072,192 | ---- | M] () MD5=D58D4E4AA8D6146D838BE02500F50B27 -- C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

[2010.11.20 14:32:22 | 000,134,656 | ---- | M] () MD5=7D8676EC6A6ABCF57E1F6CA5372E56EE -- C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll

[2010.11.20 14:32:22 | 000,186,368 | ---- | M] () MD5=F65CFF843B6E073A4F8188E19EC538D2 -- C:\Windows\assembly\GAC_32\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe

[2010.11.20 14:32:22 | 000,121,856 | ---- | M] () MD5=6B35B443F4EF4AA695487BC83EADAEC6 -- C:\Windows\assembly\GAC_32\Mcx2Dvcs\6.1.0.0__31bf3856ad364e35\Mcx2Dvcs.dll

[2009.07.14 03:24:14 | 000,507,904 | ---- | M] () MD5=269691AFEE6C44C52CDCA23C24BDBB0C -- C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll

[2009.07.14 03:24:28 | 000,077,824 | ---- | M] () MD5=BB2BB7BFE455562249E922A7AA4493A5 -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll

[2011.08.17 06:28:53 | 000,280,576 | ---- | M] () MD5=6A700621ECF04A54DB76EE9D1ADC79B7 -- C:\Windows\assembly\GAC_32\Microsoft.MediaCenter.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Interop.dll

[2010.11.20 14:35:58 | 000,129,536 | ---- | M] () MD5=796046D31F7CEEFFF6243A98FABA290B -- C:\Windows\assembly\GAC_32\Microsoft.MediaCenter.iTV.Media\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.Media.dll

[2010.11.20 14:35:58 | 000,053,248 | ---- | M] () MD5=700A8CF1409EBEEAD7D20B704C338C57 -- C:\Windows\assembly\GAC_32\Microsoft.MediaCenter.Mheg\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Mheg.dll

[2010.11.20 14:35:59 | 000,139,264 | ---- | M] () MD5=3B3D543F595910584AC45C75186CD3DA -- C:\Windows\assembly\GAC_32\Microsoft.MediaCenter.Playback\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Playback.dll

[2010.11.20 14:35:58 | 000,307,712 | ---- | M] () MD5=C6F74E2405934514BB0434B7FCF7B7ED -- C:\Windows\assembly\GAC_32\Microsoft.MediaCenter.TV.Tuners.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.TV.Tuners.Interop.dll

[2010.11.05 03:52:36 | 000,163,840 | ---- | M] () MD5=059B857CCA35C20F06B5DEBD51C4FB38 -- C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

[2009.07.14 03:26:31 | 000,008,192 | ---- | M] () MD5=FA44A672F1C12791984D9ECAB7DC3177 -- C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll

[2010.11.20 14:32:22 | 000,019,968 | ---- | M] () MD5=36D6B6EFE1AFD20700DB4C4E20F400A7 -- C:\Windows\assembly\GAC_32\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop\6.1.0.0__31bf3856ad364e35\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.dll

[2009.06.10 23:14:52 | 000,087,888 | ---- | M] () MD5=2E5F1CF69F92392F8829FC9C9263AE9B -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe

[2009.06.10 23:14:53 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config

[2009.06.10 23:22:47 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp

[2009.06.10 23:22:47 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp

[2009.06.10 23:22:58 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp

[2012.01.04 04:50:59 | 004,550,656 | ---- | M] () MD5=C850A6041F5AEDE21C53514BBE9AB09D -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

[2009.06.10 23:23:13 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp

[2009.06.10 23:23:13 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp

[2009.06.10 23:23:13 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp

[2009.06.10 23:23:13 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp

[2009.06.10 23:23:13 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp

[2009.06.10 23:23:14 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp

[2009.06.10 23:23:14 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp

[2009.06.10 23:23:17 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp

[2009.06.10 23:23:17 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp

[2009.06.10 23:23:23 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp

[2010.11.20 14:36:00 | 000,046,080 | ---- | M] () MD5=93C4029DABC19166076BE347283AB969 -- C:\Windows\assembly\GAC_32\napcrypt\6.1.0.0__31bf3856ad364e35\NAPCRYPT.DLL

[2010.11.20 14:36:00 | 000,107,008 | ---- | M] () MD5=E9CFC1884D1E579E82073103827FA62B -- C:\Windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\NAPHLPR.DLL

[2009.07.14 00:04:07 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.config

[2009.07.14 03:25:25 | 000,005,632 | ---- | M] () MD5=608232474C33C71F863B0866E5165C1C -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.dll

[2009.06.10 23:32:22 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config

[2009.07.14 03:26:15 | 000,005,632 | ---- | M] () MD5=2641880E8C12BEE37DDC2813908A2A0F -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRoles.dll

[2009.06.10 23:32:22 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.config

[2009.07.14 03:23:30 | 000,005,632 | ---- | M] () MD5=D6C077082EAA747911C212A9EB64A813 -- C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.dll

[2009.07.14 00:04:07 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.config

[2009.07.14 03:22:54 | 000,005,632 | ---- | M] () MD5=331021DA8B00A9ADCDD54B5782943204 -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.dll

[2009.07.14 00:04:08 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.config

[2009.07.14 03:23:04 | 000,005,632 | ---- | M] () MD5=B3DB67C90DBBB75BFE110A86E951C2EC -- C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.dll

[2012.02.11 01:31:40 | 004,218,880 | ---- | M] () MD5=AEDDFD540E3E6BECDB14C30D1F12B78A -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

[2009.06.10 23:14:51 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config

[2012.02.11 01:31:42 | 001,737,496 | ---- | M] () MD5=DDFBFD8959F32AC0CF3947F36BAC3081 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll

[2010.11.05 03:58:05 | 000,486,400 | ---- | M] () MD5=ED40D020A6A82748394F1653CE324CE4 -- C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

[2010.11.05 03:58:05 | 002,927,616 | ---- | M] () MD5=35CAB7CF3754C41AEB69DCE1D5ACA5A4 -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

[2010.11.05 03:58:08 | 000,258,048 | ---- | M] () MD5=6DB969DF540BC71722848940D180AC08 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

[2010.11.20 06:12:59 | 000,113,664 | ---- | M] () MD5=C865DC05ADE0B41A9E14DD585E0CDF94 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

[2012.02.11 01:31:41 | 000,372,736 | ---- | M] () MD5=A151947AD131A883870A6174CACF423B -- C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll

[2009.06.10 23:23:19 | 000,261,632 | ---- | M] () MD5=5F3F1BF5F5B43293953FC915845910C4 -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

[2011.12.25 22:42:15 | 005,255,168 | ---- | M] () MD5=7D2B8E2CE3EF2DC633689F1E1F4A7504 -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

 

< %systemroot%\assembly\GAC_64\*.* /S /MD5 >

 

< %SystemRoot%\assembly\GAC_MSIL\*.* /S /MD5 >

[2009.06.10 23:22:40 | 000,010,752 | ---- | M] () MD5=7E8C840853FB6EBD5CC16D3C10C7C127 -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

[2009.06.10 23:22:47 | 000,507,904 | ---- | M] () MD5=11B30A8447A724C6E9FBF6261AC0DA6E -- C:\Windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

[2010.11.05 03:52:35 | 000,165,720 | ---- | M] () MD5=501E961FEEBBDE040FB836CB5DE122C2 -- C:\Windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe

[2009.06.10 23:22:50 | 000,013,312 | ---- | M] () MD5=AAD128271C76C6596E69CFA81D765C2C -- C:\Windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

[2009.06.10 23:22:50 | 000,005,120 | ---- | M] () MD5=BA86FDE9C3B5BD2FF5EA7A99BF648E82 -- C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe

[2010.11.20 14:32:20 | 000,094,208 | ---- | M] () MD5=3AC3967EB34A432332FF4E2D971397E8 -- C:\Windows\assembly\GAC_MSIL\ehCIR\6.1.0.0__31bf3856ad364e35\ehCIR.dll

[2010.11.20 14:32:20 | 000,143,360 | ---- | M] () MD5=7F404ED2BAD3365F1A6452DBE40024FD -- C:\Windows\assembly\GAC_MSIL\ehexthost\6.1.0.0__31bf3856ad364e35\ehexthost.exe

[2009.07.13 23:04:37 | 000,002,274 | ---- | M] () MD5=C343B566A3B8DA7743C30796BE0A54D7 -- C:\Windows\assembly\GAC_MSIL\ehexthost\6.1.0.0__31bf3856ad364e35\ehexthost.exe.config

[2009.07.14 03:20:19 | 000,015,872 | ---- | M] () MD5=8C0473A82FF7D19D19B8F3E120B3BB3A -- C:\Windows\assembly\GAC_MSIL\ehiActivScp\6.1.0.0__31bf3856ad364e35\ehiActivScp.dll

[2009.07.14 03:22:13 | 000,011,776 | ---- | M] () MD5=49D389CC7E7DC17C507F4B5AD6203AD3 -- C:\Windows\assembly\GAC_MSIL\ehiBmlDataCarousel\6.1.0.0__31bf3856ad364e35\ehiBmlDataCarousel.dll

[2009.07.14 03:20:15 | 000,077,824 | ---- | M] () MD5=598383C42098DF7D0FFD61F459B6CBAF -- C:\Windows\assembly\GAC_MSIL\ehiExtens\6.1.0.0__31bf3856ad364e35\ehiExtens.dll

[2009.07.14 03:20:46 | 000,040,960 | ---- | M] () MD5=0DBF6B6DEBD8C1F3F810C17AF4A18CE5 -- C:\Windows\assembly\GAC_MSIL\ehiiTV\6.1.0.0__31bf3856ad364e35\ehiiTV.dll

[2010.11.20 14:32:20 | 000,172,032 | ---- | M] () MD5=3B813FB741DF5CD45EB4EA36AE0F83B3 -- C:\Windows\assembly\GAC_MSIL\ehiProxy\6.1.0.0__31bf3856ad364e35\ehiProxy.dll

[2009.07.14 03:20:56 | 000,086,016 | ---- | M] () MD5=2CC68F809DAF4D4FAC0E66B35A4EB9BE -- C:\Windows\assembly\GAC_MSIL\ehiTVMSMusic\6.1.0.0__31bf3856ad364e35\ehiTVMSMusic.dll

[2009.07.14 03:20:37 | 000,006,144 | ---- | M] () MD5=A924F87D32D7D28D58D3CBDB8B103E6F -- C:\Windows\assembly\GAC_MSIL\ehiUPnP\6.1.0.0__31bf3856ad364e35\ehiUPnP.dll

[2009.07.14 03:20:38 | 000,032,768 | ---- | M] () MD5=62F20E48B43B44D9C6E9B4CF08FB120D -- C:\Windows\assembly\GAC_MSIL\ehiUserXp\6.1.0.0__31bf3856ad364e35\ehiUserXp.dll

[2009.07.14 03:20:51 | 000,335,872 | ---- | M] () MD5=DB2189BF0B4D192F70605F50EC30037B -- C:\Windows\assembly\GAC_MSIL\ehiVidCtl\6.1.0.0__31bf3856ad364e35\ehiVidCtl.dll

[2009.07.14 03:21:00 | 000,143,360 | ---- | M] () MD5=391EF4FF1EF376B4408C0DEFE2041DBF -- C:\Windows\assembly\GAC_MSIL\ehiwmp\6.1.0.0__31bf3856ad364e35\ehiwmp.dll

[2009.07.14 03:22:59 | 000,086,016 | ---- | M] () MD5=82A5798BD1A2FE8678A51CC9CE493F7F -- C:\Windows\assembly\GAC_MSIL\ehiWUapi\6.1.0.0__31bf3856ad364e35\ehiWUapi.dll

[2010.11.20 14:32:21 | 000,196,608 | ---- | M] () MD5=641443B48D34539ED0F58C1FC3A379F0 -- C:\Windows\assembly\GAC_MSIL\ehRecObj\6.1.0.0__31bf3856ad364e35\ehRecObj.dll

[2010.11.20 14:32:21 | 006,307,840 | ---- | M] () MD5=89AFF2261ECF21647B126E596675E302 -- C:\Windows\assembly\GAC_MSIL\ehshell\6.1.0.0__31bf3856ad364e35\ehshell.dll

[2010.11.20 14:19:48 | 000,008,192 | ---- | M] () MD5=D7081D68005C975549685E8BF129794E -- C:\Windows\assembly\GAC_MSIL\EventViewer.Resources\6.1.0.0_en_31bf3856ad364e35\EventViewer.resources.dll

[2010.11.20 14:32:20 | 000,368,640 | ---- | M] () MD5=F046EB4BBFC631D178C6DF20819C1DE5 -- C:\Windows\assembly\GAC_MSIL\EventViewer\6.1.0.0__31bf3856ad364e35\EventViewer.dll

[2009.06.10 23:22:54 | 000,008,192 | ---- | M] () MD5=96D9E7E468D537443DE037A7E15CB804 -- C:\Windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

[2009.06.10 23:22:55 | 000,077,824 | ---- | M] () MD5=AF29AA7F2F613951A9E913B4290B2ECE -- C:\Windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

[2009.06.10 23:22:55 | 000,006,656 | ---- | M] () MD5=D051642D0ED61E2886FD8917E8B6FAFD -- C:\Windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

[2009.07.14 03:23:32 | 000,106,496 | ---- | M] () MD5=967047584598B8EA09A742328872C06D -- C:\Windows\assembly\GAC_MSIL\loadmxf\6.1.0.0__31bf3856ad364e35\loadmxf.exe

[2010.11.20 14:32:22 | 000,942,080 | ---- | M] () MD5=95738FEDB3C23753C20CBCF7D772E259 -- C:\Windows\assembly\GAC_MSIL\mcepg\6.1.0.0__31bf3856ad364e35\mcepg.dll

[2009.07.14 03:19:48 | 000,053,248 | ---- | M] () MD5=F499B89A60548AF6B4E8EE715C6599B0 -- C:\Windows\assembly\GAC_MSIL\MCESidebarCtrl\6.1.0.0__31bf3856ad364e35\MCESidebarCtrl.dll

[2010.11.20 14:32:22 | 000,122,880 | ---- | M] () MD5=8E8ADA64942CF38625A557C026059AC3 -- C:\Windows\assembly\GAC_MSIL\mcglidhostobj\6.1.0.0__31bf3856ad364e35\mcglidhostobj.dll

[2010.11.20 14:32:22 | 000,171,520 | ---- | M] () MD5=C6FB5599850922CE6B440899C078A2CF -- C:\Windows\assembly\GAC_MSIL\mcplayerinterop\6.1.0.0__31bf3856ad364e35\mcplayerinterop.dll

[2010.11.20 14:32:22 | 000,638,976 | ---- | M] () MD5=F338EC894AA0CE005156B4AB2FF77CCC -- C:\Windows\assembly\GAC_MSIL\mcstore\6.1.0.0__31bf3856ad364e35\mcstore.dll

[2009.07.14 04:12:50 | 000,007,168 | ---- | M] () MD5=FCA8AC8ABBCE37458663CCA33E7F71F7 -- C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.resources.dll

[2009.07.14 03:20:28 | 000,057,344 | ---- | M] () MD5=D16F569EB4264641241465BEFA107BD0 -- C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll

[2009.06.10 23:14:36 | 000,106,496 | ---- | M] () MD5=550E75434C424A17A1E06669D8335C26 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll

[2010.11.05 03:57:44 | 000,348,160 | ---- | M] () MD5=24FDCD95121E59D39DCB1585EC8C5901 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

[2010.11.05 03:53:30 | 000,733,184 | ---- | M] () MD5=DC6476726F4A15BF5BC8CF2C235B17C6 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

[2010.11.05 03:57:44 | 000,036,864 | ---- | M] () MD5=4B177641BEBC8965220EC474D65981A3 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

[2009.06.10 23:14:40 | 000,036,864 | ---- | M] () MD5=80F89EC03B39E5A6700C9CA5A5545230 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

[2010.11.05 03:53:36 | 000,802,816 | ---- | M] () MD5=9EBE67131D1776B86410B56FFC95A5BF -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll

[2010.11.05 03:57:45 | 000,655,360 | ---- | M] () MD5=5B5AEB3CEB1FC6D77E57821E6A42DE72 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

[2010.11.05 03:53:30 | 000,094,208 | ---- | M] () MD5=B6EF0B4C1898D03FC7814B890FCE9B72 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll

[2010.11.05 03:57:45 | 000,077,824 | ---- | M] () MD5=D7A537839EAB83BAD8F3C053098198E8 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

[2009.07.14 04:13:02 | 000,036,864 | ---- | M] () MD5=3576E621125C0ECE94313B85CCE6F8B6 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Ink.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.Ink.Resources.dll

[2009.06.10 23:23:03 | 000,749,568 | ---- | M] () MD5=3CF65928E67E362D5B25424EBCC27B12 -- C:\Windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

[2009.07.14 04:13:00 | 000,016,384 | ---- | M] () MD5=4D9D34F0204D5DF8EF1DBBD704735EEB -- C:\Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole.Resources\3.0.0.0_en_31bf3856ad364e35\Microsoft.ManagementConsole.Resources.dll

[2009.07.14 03:21:42 | 000,188,416 | ---- | M] () MD5=F8B72BFD1D8C36E1A2C98E25C9CF2504 -- C:\Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole\3.0.0.0__31bf3856ad364e35\Microsoft.ManagementConsole.dll

[2009.07.14 03:22:44 | 001,159,168 | ---- | M] () MD5=2D994989944FA2E9D2AD7450953523A9 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Bml\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Bml.dll

[2009.07.14 03:22:09 | 000,024,576 | ---- | M] () MD5=97D4AC2BAD43C5D5C8C42EDB71B2E532 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.iTv.Hosting\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTv.Hosting.dll

[2010.11.20 14:35:58 | 000,086,016 | ---- | M] () MD5=083B692697B5974B0A5ED59BF4D3147C -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.iTV\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.dll

[2010.11.20 14:35:58 | 000,045,056 | ---- | M] () MD5=A9D673D4B371B9D918875386640113BA -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.ITVVM\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.ITVVM.dll

[2010.11.20 14:35:58 | 001,572,864 | ---- | M] () MD5=0CFCDCFB9D28CE7AFC3F1823250ABE71 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll

[2010.11.20 14:35:58 | 000,241,664 | ---- | M] () MD5=3E1A7D201A38D73F14FFE90909B38A86 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Sports\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Sports.dll

[2010.11.20 14:35:59 | 002,596,864 | ---- | M] () MD5=732807787D6FA99791370D934360AE4C -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll

[2010.11.20 14:35:59 | 000,385,024 | ---- | M] () MD5=2F4797433A371756FE937CE802C2F313 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.dll

[2009.07.14 04:13:04 | 000,010,752 | ---- | M] () MD5=65B27C38DBD68EFEC636665FDBF4D1FF -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.resources.dll

[2010.11.20 14:35:58 | 000,102,400 | ---- | M] () MD5=2E86EDB34D366FCC9425B1A4654FC543 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll

[2009.07.14 04:13:06 | 000,036,864 | ---- | M] () MD5=10C9C4380C4B403B95D757C4517AFD5B -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dll

[2010.11.20 14:35:58 | 000,290,816 | ---- | M] () MD5=33C0200ED261F9738AB90A58C97E2E52 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll

[2010.11.20 14:19:49 | 000,049,152 | ---- | M] () MD5=28AF2A12179398B90A6F18E451010209 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dll

[2010.11.20 14:35:59 | 000,667,648 | ---- | M] () MD5=C23ACC08CB8049A8DDC7D8CD84280096 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll

[2010.11.20 14:19:49 | 000,040,960 | ---- | M] () MD5=42CDE70A57616C7D54694E881C5F84A9 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll

[2009.07.14 03:23:47 | 000,200,704 | ---- | M] () MD5=61408B3CF77B787A753B6F4F4A6840B1 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll

[2009.07.14 04:13:04 | 000,069,632 | ---- | M] () MD5=DF60F16CB3FA971EBD1CB6B1FA346AF6 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Editor.Resources.dll

[2010.11.20 14:35:59 | 000,991,232 | ---- | M] () MD5=7E6557381C8CF162A4ED0D9A581F870B -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Editor.dll

[2009.07.14 04:13:06 | 000,040,960 | ---- | M] () MD5=41888D6ED40E49C4DAED8E412BB18B90 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Gpowershell.resources.dll

[2009.07.14 03:22:04 | 000,651,264 | ---- | M] () MD5=E66B1EEE2AB24DE9F3D5189A1FC8D4BF -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.dll

[2009.07.14 04:13:06 | 000,016,896 | ---- | M] () MD5=E848EEBF463086883E026AAD11C24F1A -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.Resources.dll

[2009.07.14 03:20:38 | 000,278,528 | ---- | M] () MD5=3EAB4DBDC290EDC4D53FE77F1FDB9E59 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.dll

[2009.07.14 04:11:48 | 000,009,216 | ---- | M] () MD5=462D0B841E939094840CFA61C990410F -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll

[2010.11.20 14:35:58 | 000,077,824 | ---- | M] () MD5=B1282FC909517D890C61F7F3313134EF -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll

[2009.07.14 04:13:06 | 000,073,728 | ---- | M] () MD5=67F68317A9F346A32039F9651C7EAC46 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Tpm.Resources\6.1.0.0_en_31bf3856ad364e35\microsoft.tpm.resources.dll

[2009.07.14 03:24:19 | 000,192,512 | ---- | M] () MD5=466761E68D1AAED81DFD5E43B168D2F0 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Tpm\6.1.0.0__31bf3856ad364e35\Microsoft.Tpm.dll

[2009.06.10 23:14:03 | 000,397,312 | ---- | M] () MD5=130FF58B6245F78097E7619EFB61CDD2 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

[2009.06.10 23:23:03 | 000,110,592 | ---- | M] () MD5=A070FD9509392CEB84A3ED8F8A42A504 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

[2010.11.05 03:57:46 | 000,372,736 | ---- | M] () MD5=B424A0AF636B1D3DAE3A664285EF9795 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

[2009.06.10 23:23:04 | 000,028,672 | ---- | M] () MD5=A5B5F03020C0A01276801CF2C807FF8C -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

[2010.11.05 03:57:46 | 000,610,304 | ---- | M] () MD5=DF1F3AFE18D254F759BB1A000B811C15 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

[2009.06.10 23:14:40 | 000,041,984 | ---- | M] () MD5=DD26812B72AF01116F7A1DDD4FA21E49 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll

[2009.06.10 23:23:04 | 000,005,632 | ---- | M] () MD5=BBAEF0C6E310A25D3BCCAA2ADC538F82 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

[2009.06.10 23:23:04 | 000,012,800 | ---- | M] () MD5=71C2F1A0F8FFD6D017F039AC023DE81C -- C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

[2009.06.10 23:23:04 | 000,032,768 | ---- | M] () MD5=45F2E4914DDCDA6F468D99FAA91911F2 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

[2009.07.14 04:13:08 | 000,004,096 | ---- | M] () MD5=04D3E891B3256A1EBD36FA7B6F984920 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.resources.dll

[2009.07.14 03:25:15 | 000,009,728 | ---- | M] () MD5=96F718F03F4D8782D7EB11954AC0E914 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.GetDiagInput\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.dll

[2009.07.14 04:13:08 | 000,004,096 | ---- | M] () MD5=ADD629AFA64864C8519B2485F6F61554 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.resources.dll

[2009.07.14 03:26:39 | 000,010,752 | ---- | M] () MD5=78EF40CE03E23CB6702391D919F95436 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.dll

[2009.07.14 04:13:08 | 000,004,096 | ---- | M] () MD5=84AA3A80B726C6DCCDAA38A879862D6D -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.resources.dll

[2009.07.14 03:25:40 | 000,009,216 | ---- | M] () MD5=EE5B0505F2E8E8305748DD270A7AD929 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.dll

[2009.07.14 04:13:08 | 000,004,096 | ---- | M] () MD5=BEBFDDCB2DB36E9302A4358878C8CFD4 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.resources.dll

[2009.07.14 03:25:32 | 000,008,192 | ---- | M] () MD5=7FBCA94271448B41DB000C98C9615312 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.dll

[2010.11.20 14:19:49 | 000,004,096 | ---- | M] () MD5=B8E015AD059FFAFCE9CB40DF775B11E0 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.SDHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDHost.resources.dll

[2009.07.14 03:25:35 | 000,024,576 | ---- | M] () MD5=915BBFA6BBF105C0C51398A3398D19CB -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.SDHost\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDHost.dll

[2009.07.14 04:13:08 | 000,006,656 | ---- | M] () MD5=FC66A5034B5B6A7C09FCE86C47BBF4ED -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.resources.dll

[2009.07.14 03:26:37 | 000,049,152 | ---- | M] () MD5=4BB0FF1D72803CC075D92CE2FBDCA2B3 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll

[2010.11.20 14:19:49 | 000,013,824 | ---- | M] () MD5=C58C7003380F76221AB9B5BBB4AE4452 -- C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll

[2010.11.20 14:36:00 | 000,286,720 | ---- | M] () MD5=64C192235DF8F704412F0D66BAF5C1B1 -- C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll

[2009.07.14 03:22:00 | 000,007,168 | ---- | M] () MD5=D5F86545FAF811ED2CCF3C6117B0EC44 -- C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll

[2009.06.10 23:23:04 | 000,007,168 | ---- | M] () MD5=E5640EF09DA87B03E78F18F850CFF728 -- C:\Windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

[2009.07.14 04:13:12 | 001,552,384 | ---- | M] () MD5=5D85FA66189E6832466C8DEE97CA8C3F -- C:\Windows\assembly\GAC_MSIL\MiguiControls.Resources\1.0.0.0_en_31bf3856ad364e35\MIGUIControls.resources.dll

[2010.11.20 14:36:00 | 003,416,064 | ---- | M] () MD5=CD35B1936F50990D1FCEAE31E2D1553F -- C:\Windows\assembly\GAC_MSIL\MiguiControls\1.0.0.0__31bf3856ad364e35\MIGUIControls.dll

[2010.11.20 14:19:49 | 000,036,864 | ---- | M] () MD5=E5956455F8A07B174CF146247EC6315E -- C:\Windows\assembly\GAC_MSIL\MMCEx.Resources\3.0.0.0_en_31bf3856ad364e35\MMCEx.Resources.dll

[2009.07.14 03:26:50 | 000,421,888 | ---- | M] () MD5=A9D4275CE5EA165C267AE05A6821CB54 -- C:\Windows\assembly\GAC_MSIL\MMCEx\3.0.0.0__31bf3856ad364e35\MMCEx.dll

[2010.11.20 14:19:49 | 000,004,096 | ---- | M] () MD5=930887F063E075C31E38E435F9C3D94C -- C:\Windows\assembly\GAC_MSIL\MMCFxCommon.Resources\3.0.0.0_en_31bf3856ad364e35\MMCFxCommon.Resources.dll

[2009.07.14 03:26:07 | 000,110,592 | ---- | M] () MD5=E72BF459A519312B4FF7F3FA8A85BA13 -- C:\Windows\assembly\GAC_MSIL\MMCFxCommon\3.0.0.0__31bf3856ad364e35\MMCFxCommon.dll

[2010.11.20 14:19:49 | 000,049,152 | ---- | M] () MD5=B0F301AA13B7E4F227F6964856739530 -- C:\Windows\assembly\GAC_MSIL\napinit.resources\6.1.0.0_en_31bf3856ad364e35\napinit.Resources.dll

[2009.07.14 03:22:44 | 000,073,728 | ---- | M] () MD5=0E2E919A5255D305CF1B3AE9B9D452F1 -- C:\Windows\assembly\GAC_MSIL\napinit\6.1.0.0__31bf3856ad364e35\NAPINIT.DLL

[2009.07.14 04:12:16 | 000,233,472 | ---- | M] () MD5=804C49310D2EA3B1A2E3809CE3C93B47 -- C:\Windows\assembly\GAC_MSIL\napsnap.resources\6.1.0.0_en_31bf3856ad364e35\napsnap.resources.dll

[2009.07.14 03:25:01 | 000,454,656 | ---- | M] () MD5=FC35785CC6FD225A4E504A23DE13D085 -- C:\Windows\assembly\GAC_MSIL\napsnap\6.1.0.0__31bf3856ad364e35\NAPSNAP.DLL

[2010.11.20 14:36:00 | 001,077,248 | ---- | M] () MD5=95DE3CF54E0A360EED766DBDDF152F0D -- C:\Windows\assembly\GAC_MSIL\Narrator\6.1.0.0__31bf3856ad364e35\Narrator.exe

[2011.08.24 01:56:53 | 000,000,815 | ---- | M] () MD5=0A33273323603FCBD8DDD74758163161 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.ehRecObj\6.1.0.0__31bf3856ad364e35\Policy.6.0.ehRecObj.config

[2011.08.24 01:56:53 | 000,005,632 | ---- | M] () MD5=841736FAB112AC493646E4399E684D38 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.ehRecObj\6.1.0.0__31bf3856ad364e35\Policy.6.0.ehRecObj.dll

[2011.08.24 01:56:53 | 000,000,831 | ---- | M] () MD5=A9C1035129544B3867E06A8F02874FE4 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.UI.config

[2011.08.24 01:56:53 | 000,005,632 | ---- | M] () MD5=1A49D09BD80C023A771214DA826FF6B6 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.UI.dll

[2011.08.24 01:56:53 | 000,000,828 | ---- | M] () MD5=52B88C0916FAFF34E0174CD718980AC4 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.config

[2011.08.24 01:56:53 | 000,005,632 | ---- | M] () MD5=0C8F794B0C057EB421569A4E5B8E98C5 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.dll

[2010.11.05 03:53:21 | 000,598,016 | ---- | M] () MD5=AEFD96A1A087027A7EDC21F83F1B4727 -- C:\Windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll

[2009.06.10 23:14:50 | 000,032,768 | ---- | M] () MD5=24F02A6A94DC8AE6F2ACDA7950CBEEB3 -- C:\Windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll

[2009.06.10 23:14:51 | 000,042,856 | ---- | M] () MD5=E56F39F6B7FDA0AC77A79B0FD3DE1A2F -- C:\Windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe

[2009.06.10 23:14:43 | 000,196,608 | ---- | M] () MD5=C9DF30B6F5D99C8147C528528B9CC498 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

[2009.06.10 23:14:44 | 000,139,264 | ---- | M] () MD5=98F2493B40E00061B4A4369E63790293 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

[2010.11.05 03:53:23 | 000,397,312 | ---- | M] () MD5=4E9FDA223530F931AC1F03ABB58E4DA5 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

[2009.06.10 23:14:44 | 000,163,840 | ---- | M] () MD5=13E8EC241CA1402C923DF3A1DA9CAF70 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

[2012.02.11 01:31:41 | 005,283,840 | ---- | M] () MD5=530DFD580E4C341B267ED4E2A56B8233 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll

[2009.06.10 23:14:52 | 000,864,256 | ---- | M] () MD5=0F8242348EBA698FF93193A6BDC55362 -- C:\Windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll

[2012.02.11 01:31:41 | 000,532,480 | ---- | M] () MD5=93CF6C96CDBFC1834A28F835B769E8BA -- C:\Windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll

[2009.06.10 23:15:18 | 000,005,632 | ---- | M] () MD5=AA7004ABA8C37DDCA200E16F1570EF62 -- C:\Windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll

[2010.11.05 03:52:39 | 000,110,592 | ---- | M] () MD5=6F145DEF09821EB6614C501430CB838C -- C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll

[2010.11.05 03:52:39 | 000,128,848 | ---- | M] () MD5=F476EC40033CDB91EFBE73EB99B8362D -- C:\Windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe

[2009.07.14 03:25:09 | 000,086,016 | ---- | M] () MD5=46107610B0BDFA104BDF859664DB1654 -- C:\Windows\assembly\GAC_MSIL\SonicMCEBurnEngine\6.1.0.0__31bf3856ad364e35\SonicMCEBurnEngine.dll

[2009.06.10 23:23:17 | 000,110,592 | ---- | M] () MD5=3C8AF820562CC8E3A1CF82650518F66C -- C:\Windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

[2010.11.05 03:53:30 | 000,045,056 | ---- | M] () MD5=6D593E9AE74E39A62F8184515B27DF28 -- C:\Windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

[2012.01.04 04:50:53 | 000,163,840 | ---- | M] () MD5=C2EC2AD05B97F9124399E1DA1D1386C2 -- C:\Windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll

[2010.11.05 03:53:30 | 000,057,344 | ---- | M] () MD5=27E76A55FA5C3586297C2D42986304AC -- C:\Windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

[2010.11.05 03:58:04 | 000,081,920 | ---- | M] () MD5=ED2D3B032733BFC7A68FCE05BC7F93B4 -- C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

[2010.11.05 03:58:04 | 000,425,984 | ---- | M] () MD5=5A7A33F7F9DFC0C0A8B8E000F4D9D898 -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

[2010.11.05 03:53:30 | 000,667,648 | ---- | M] () MD5=FC114C6C8AB34F1A357069AD3E4477F8 -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll

[2010.11.05 03:53:31 | 000,053,248 | ---- | M] () MD5=82D34DEB3105E63981A0306B03C10A07 -- C:\Windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

[2010.11.05 03:53:31 | 000,229,376 | ---- | M] () MD5=02B81AAEB463E966372AF6A1C0B6038E -- C:\Windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll

[2010.11.05 03:53:31 | 002,879,488 | ---- | M] () MD5=EEDCBC7607D2852BBF74409B49A8D1C1 -- C:\Windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll

[2010.11.05 03:53:31 | 000,684,032 | ---- | M] () MD5=8AB40EB71BB5D5F4641AA5895712B981 -- C:\Windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll

[2010.11.05 03:53:32 | 000,462,848 | ---- | M] () MD5=606ACF1553423BFDD3CABEBA3DF264B9 -- C:\Windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll

[2010.11.05 03:53:32 | 000,163,840 | ---- | M] () MD5=0ACA904F87E674CF3CB6746D9D3AB321 -- C:\Windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll

[2010.11.05 03:53:32 | 000,692,224 | ---- | M] () MD5=4BA482E447D6096E8D4348AAE306CE1B -- C:\Windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll

[2010.11.05 03:58:05 | 000,745,472 | ---- | M] () MD5=800484A3335EACDAA9600120385CCBDC -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

[2010.11.05 03:58:05 | 000,970,752 | ---- | M] () MD5=418EC83A2FC441A3D40F3FDCDA851392 -- C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

[2012.03.22 00:32:36 | 004,927,488 | ---- | M] () MD5=93B68EBA6B5BB6AC877441C8BE9E40C0 -- C:\Windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

[2010.11.05 03:53:32 | 000,290,816 | ---- | M] () MD5=CD86BDCB5E115635E6AB7DFE77FC1D11 -- C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

[2009.06.10 23:23:18 | 000,188,416 | ---- | M] () MD5=EE1DCDAA3EA8F53DA56116875CD01653 -- C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

[2010.11.05 03:58:06 | 000,401,408 | ---- | M] () MD5=AF1F47FBADABB9134002359970F5FD1C -- C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

[2009.06.10 23:23:18 | 000,081,920 | ---- | M] () MD5=D195A195E3D16A867FD4382D786313B8 -- C:\Windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

[2012.04.24 00:35:09 | 000,630,784 | ---- | M] () MD5=1312BDEE8EC4F13CBB25BDBB359768A0 -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

[2010.11.05 03:52:27 | 000,126,976 | ---- | M] () MD5=DF7FEE2563BF2D59926B786FBF636510 -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

[2010.11.05 03:52:27 | 000,442,368 | ---- | M] () MD5=9638C20A92962CAFC45E8F48AE6238F5 -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll

[2009.06.10 23:13:54 | 000,131,072 | ---- | M] () MD5=AC45DB17E166ECEBD320D4FA2820C1B6 -- C:\Windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

[2010.11.20 14:19:49 | 000,253,952 | ---- | M] () MD5=53998D919FABB0F5EF2BD7C38533D2B7 -- C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.Resources.dll

[2010.11.20 14:36:01 | 003,010,560 | ---- | M] () MD5=4214698AD147EA8E83CC0E7DCF883DB3 -- C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll

[2010.11.05 03:53:32 | 000,143,360 | ---- | M] () MD5=BCD4761D6E2290B490498126C67A35D0 -- C:\Windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

[2010.11.05 03:58:09 | 000,385,024 | ---- | M] () MD5=52C875E8F96E4F9E69914A538C129C6E -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

[2010.11.05 03:58:09 | 000,258,048 | ---- | M] () MD5=3035497DE3B9208633BC7F3604D781FB -- C:\Windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

[2010.11.05 03:53:32 | 000,237,568 | ---- | M] () MD5=74446FB0C54CB43A279E735F9C335752 -- C:\Windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll

[2010.11.05 03:58:10 | 000,303,104 | ---- | M] () MD5=1D4DA021B0AD837B35AFB772CC7C636D -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () MD5=C9781DA4EE6A5BBAE271CC0AC4B25D7C -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

[2010.11.05 03:52:27 | 000,970,752 | ---- | M] () MD5=01D4E1005C901889517EED7F438DB501 -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

[2010.11.05 03:58:10 | 000,258,048 | ---- | M] () MD5=A15491BE2D672FCDBFEB250E9594D7ED -- C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

[2010.11.05 03:52:40 | 000,073,728 | ---- | M] () MD5=4E0883AF9D5B4F2AAFD19F6663CBAF5F -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll

[2010.11.05 03:52:41 | 000,032,768 | ---- | M] () MD5=9A9827B4F896F40607DF8103B9C438C0 -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll

[2010.11.05 03:52:44 | 000,569,344 | ---- | M] () MD5=EA5213E7090668C917EEB947FDC3CD46 -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll

[2010.11.05 03:52:30 | 005,988,352 | ---- | M] () MD5=196D093057DE9D765FF8DDFA24215D3B -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll

[2010.11.05 03:58:10 | 000,114,688 | ---- | M] () MD5=F68CAFF425A9F37E498193BDDC5CC652 -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

[2009.06.10 23:14:45 | 000,688,128 | ---- | M] () MD5=31588B867657A7DF046AC1908550D73C -- C:\Windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll

[2010.11.05 03:53:32 | 000,077,824 | ---- | M] () MD5=DE8831D65E92BC50304F37CC75EC31D5 -- C:\Windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll

[2010.11.05 03:53:32 | 000,032,768 | ---- | M] () MD5=4A1EF32D7C394D8400870C73B40CA2A4 -- C:\Windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll

[2010.11.05 03:53:32 | 000,229,376 | ---- | M] () MD5=054F8B86C1258EDDB833A38B54155CF7 -- C:\Windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll

[2010.11.05 03:53:32 | 000,131,072 | ---- | M] () MD5=A282147F21B0DB24DB3B3566E828A8AE -- C:\Windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll

[2010.11.05 03:53:33 | 000,139,264 | ---- | M] () MD5=A5722B31B8454EE1CC50753C93CFDB4E -- C:\Windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll

[2010.11.05 03:53:33 | 000,335,872 | ---- | M] () MD5=C935E89C6F71F188282632F35A04D0C1 -- C:\Windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll

[2011.12.25 22:42:15 | 001,277,952 | ---- | M] () MD5=58AD1FECFBAEE633D6326377D8E0982E -- C:\Windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

[2010.11.05 03:58:11 | 000,835,584 | ---- | M] () MD5=18FDA35C607C486C0D5B91D7DD06CD17 -- C:\Windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

[2009.06.10 23:23:20 | 000,077,824 | ---- | M] () MD5=1CDB3B55F1330F85A674B0B5927399F4 -- C:\Windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

[2010.11.05 03:53:33 | 000,061,440 | ---- | M] () MD5=6D138BD2348457A5097F2772C78FE094 -- C:\Windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll

[2010.11.05 03:58:12 | 000,839,680 | ---- | M] () MD5=8C0B098B41A27B08D58CAE7A61A3BA19 -- C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

[2012.03.22 00:32:36 | 005,025,792 | ---- | M] () MD5=68CE18072E9CDFE63DD2E083868C7433 -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

[2009.06.10 23:15:18 | 000,012,288 | ---- | M] () MD5=1CCEE8037C8EF9A08DD0ADB7E3E38D78 -- C:\Windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll

[2010.11.05 03:53:45 | 001,142,784 | ---- | M] () MD5=A422312AE61E44B166FAC615786296A1 -- C:\Windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll

[2010.11.05 03:53:46 | 001,630,208 | ---- | M] () MD5=BD0B0F768E7E74C5CD7A34B8B4BCC81D -- C:\Windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll

[2010.11.05 03:53:46 | 000,540,672 | ---- | M] () MD5=32FF0E945F51F5147A8304026B5C19EA -- C:\Windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll

[2010.11.05 03:52:45 | 000,507,904 | ---- | M] () MD5=CC3B424ED10A8E477B5D466188531F26 -- C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll

[2010.11.05 03:53:34 | 000,139,264 | ---- | M] () MD5=EF6CEBC989FBDAEEB83E5662F1499FC0 -- C:\Windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll

[2010.11.05 03:58:14 | 002,048,000 | ---- | M] () MD5=5B3FA17E1CD6FBBDF41AC34DAEECC256 -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

[2012.01.04 04:51:03 | 003,190,784 | ---- | M] () MD5=5259AD96BE93F3DC9B649759DAC05B7A -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

[2009.07.14 04:12:46 | 000,007,168 | ---- | M] () MD5=ABBF43F681EF160CAAB7C41BC289DA06 -- C:\Windows\assembly\GAC_MSIL\TaskScheduler.Resources\6.1.0.0_en_31bf3856ad364e35\TaskScheduler.resources.dll

[2010.11.20 14:36:00 | 000,167,936 | ---- | M] () MD5=1D264989FFABEF36745304F5DD216DC7 -- C:\Windows\assembly\GAC_MSIL\TaskScheduler\6.1.0.0__31bf3856ad364e35\TaskScheduler.dll

[2009.06.10 23:14:45 | 000,172,032 | ---- | M] () MD5=3F47DB8D603A84FBF1154901AAC177CD -- C:\Windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

[2009.06.10 23:14:46 | 000,380,928 | ---- | M] () MD5=32D7B8CC805D2DA70D01DA89982DCE1D -- C:\Windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

[2009.06.10 23:14:46 | 000,040,960 | ---- | M] () MD5=0D2A84FF4383B4F41EDA8B4DE2D45D6C -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

[2009.06.10 23:14:46 | 000,098,304 | ---- | M] () MD5=62DF8C1D169752DF885E44D21309F7E6 -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

[2012.02.11 01:31:42 | 001,253,376 | ---- | M] () MD5=9F668404AB36B97B0FF5C4B140A1F1FE -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll

[2009.06.10 23:14:47 | 000,094,208 | ---- | M] () MD5=D9673C241B14E5526A81B3ABAD3FD3BA -- C:\Windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

[2010.11.05 03:52:42 | 000,149,328 | ---- | M] () MD5=8AB248DD85018CC3232D2F20E45A30E7 -- C:\Windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe

 

< HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >

"" = Microsoft WBEM New Event Subsystem

[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

< HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >

"" = Microsoft WBEM New Event Subsystem

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >

"" = MruPidlList

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s >

"" = Start Menu Pin

"ImplementsVerbs" = startpin;startunpin

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >

"" = PSFactoryBuffer

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009.07.14 03:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

< HKEY_CURRENT_USER\Software\MSOLoad /s >

 

< c:\system volume information|_REGISTRY_MACHINE_SYSTEM;true;true;true /FP >

[2011.08.04 10:35:29 | 005,963,776 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP1\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.10 00:20:01 | 006,029,312 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP10\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.11 03:00:14 | 006,029,312 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP11\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.12 03:35:34 | 006,029,312 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP12\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.12 06:32:28 | 006,029,312 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP13\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.13 23:43:51 | 006,045,696 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP14\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.13 23:44:09 | 006,045,696 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP15\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.15 18:08:56 | 006,062,080 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP16\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.16 21:18:00 | 006,062,080 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP17\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.17 09:44:37 | 006,152,192 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP18\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.18 12:48:29 | 006,152,192 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP19\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.05 03:00:59 | 005,963,776 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP2\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.21 20:02:06 | 006,266,880 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP20\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.22 20:13:12 | 006,266,880 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP21\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.22 23:33:17 | 006,266,880 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP22\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.23 00:12:44 | 006,266,880 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP23\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.23 00:15:13 | 006,266,880 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP24\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.05 07:23:56 | 005,971,968 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP3\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.05 12:13:49 | 006,012,928 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP4\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.05 19:36:11 | 006,012,928 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP5\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.06 03:00:17 | 006,012,928 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP6\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.07 03:20:22 | 006,012,928 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP7\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.07 06:34:23 | 006,012,928 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP8\snapshot\_REGISTRY_MACHINE_SYSTEM

[2011.08.08 21:08:45 | 006,012,928 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP9\snapshot\_REGISTRY_MACHINE_SYSTEM

 

< c:\system volume information|_REGISTRY_MACHINE_SOFTWARE;true;true;true /FP >

[2011.08.04 10:35:26 | 041,361,408 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP1\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.10 00:20:00 | 041,816,064 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP10\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.11 03:00:14 | 041,816,064 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP11\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.12 03:35:34 | 042,508,288 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP12\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.12 06:32:28 | 042,508,288 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP13\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.13 23:43:50 | 042,508,288 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP14\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.13 23:44:09 | 042,508,288 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP15\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.15 18:08:56 | 042,508,288 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP16\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.16 21:17:59 | 042,508,288 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP17\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.17 09:44:37 | 042,508,288 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP18\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.18 12:48:28 | 042,508,288 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP19\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.05 03:00:41 | 041,381,888 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP2\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.21 20:02:06 | 042,508,288 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP20\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.22 20:13:12 | 042,508,288 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP21\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.22 23:33:17 | 042,508,288 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP22\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.23 00:12:44 | 042,508,288 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP23\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.23 00:15:12 | 042,508,288 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP24\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.05 07:23:53 | 041,426,944 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP3\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.05 12:13:48 | 041,656,320 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP4\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.05 19:36:10 | 041,734,144 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP5\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.06 03:00:16 | 041,734,144 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP6\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.07 03:20:21 | 041,816,064 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP7\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.07 06:34:22 | 041,816,064 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP8\snapshot\_REGISTRY_MACHINE_SOFTWARE

[2011.08.08 21:08:45 | 041,816,064 | ---- | M] () -- c:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP9\snapshot\_REGISTRY_MACHINE_SOFTWARE

 

< bcdedit /enum all /v >C:\boot.txt /c >

Windows Boot Manager

--------------------

identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}

device partition=C:

description Windows Boot Manager

locale en-US

inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

default {206d1cf4-cde7-11e0-b738-003018a8715d}

resumeobject {019a11a6-cdea-11e0-8cf6-eefa7942c1a9}

displayorder {019a11a7-cdea-11e0-8cf6-eefa7942c1a9}

{206d1cf4-cde7-11e0-b738-003018a8715d}

toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}

timeout 30

Windows Boot Loader

-------------------

identifier {019a11a7-cdea-11e0-8cf6-eefa7942c1a9}

device partition=C:

path \Windows\system32\winload.exe

description Windows 7

locale en-US

inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}

recoverysequence {019a11a8-cdea-11e0-8cf6-eefa7942c1a9}

recoveryenabled Yes

osdevice partition=C:

systemroot \Windows

resumeobject {019a11a6-cdea-11e0-8cf6-eefa7942c1a9}

nx OptIn

Windows Boot Loader

-------------------

identifier {019a11a8-cdea-11e0-8cf6-eefa7942c1a9}

device ramdisk=[C:]\Recovery\019a11a8-cdea-11e0-8cf6-eefa7942c1a9\Winre.wim,{019a11a9-cdea-11e0-8cf6-eefa7942c1a9}

path \windows\system32\winload.exe

description Windows Recovery Environment

inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}

osdevice ramdisk=[C:]\Recovery\019a11a8-cdea-11e0-8cf6-eefa7942c1a9\Winre.wim,{019a11a9-cdea-11e0-8cf6-eefa7942c1a9}

systemroot \windows

nx OptIn

winpe Yes

custom:46000010 Yes

Resume from Hibernate

---------------------

identifier {019a11a6-cdea-11e0-8cf6-eefa7942c1a9}

device partition=C:

path \Windows\system32\winresume.exe

description Windows Resume Application

locale en-US

inherit {1afa9c49-16ab-4a5c-901b-212802da9460}

filedevice partition=C:

filepath \hiberfil.sys

pae Yes

debugoptionenabled No

Windows Memory Tester

---------------------

identifier {b2721d73-1db4-4c62-bf78-c548a880142d}

device partition=C:

path \boot\memtest.exe

description Windows Memory Diagnostic

locale en-US

inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

badmemoryaccess Yes

Windows Legacy OS Loader

------------------------

identifier {466f5a88-0af2-4f76-9038-095b170dc21c}

device partition=C:

path \ntldr

description Earlier Version of Windows

Real-mode Boot Sector

---------------------

identifier {206d1cf4-cde7-11e0-b738-003018a8715d}

device partition=C:

path \XELD1.1st

description Windows 7 Loader XE

EMS Settings

------------

identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}

bootems Yes

Debugger Settings

-----------------

identifier {4636856e-540f-4170-a130-a84776f4c654}

debugtype Serial

debugport 1

baudrate 115200

RAM Defects

-----------

identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings

---------------

identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

inherit {4636856e-540f-4170-a130-a84776f4c654}

{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}

{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings

--------------------

identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}

inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings

-------------------

identifier {7ff607e0-4395-11db-b0de-0800200c9a66}

hypervisordebugtype Serial

hypervisordebugport 1

hypervisorbaudrate 115200

Resume Loader Settings

----------------------

identifier {1afa9c49-16ab-4a5c-901b-212802da9460}

inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options

--------------

identifier {019a11a9-cdea-11e0-8cf6-eefa7942c1a9}

description Ramdisk Options

ramdisksdidevice partition=C:

ramdisksdipath \Recovery\019a11a8-cdea-11e0-8cf6-eefa7942c1a9\boot.sdi

 

< echo list vol > C:\commands.txt | diskpart /s C:\commands.txt > C:\DiskReport.txt /c >

Microsoft DiskPart version 6.1.7601

Copyright © 1999-2008 Microsoft Corporation.

On computer: JIMMY

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

Volume 0 F NFSMW_DISC1 CDFS DVD-ROM 671 MB Healthy

Volume 1 G DVD-ROM 0 B No Media

Volume 2 H DVD-ROM 0 B No Media

Volume 3 C NTFS Partition 189 GB Healthy System

Volume 4 D NTFS Partition 406 GB Healthy

 

========== Restore Points Found ==========

[2011.08.23 00:15:13 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP24\snapshot

[2011.08.23 00:12:45 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP23\snapshot

[2011.08.22 23:33:17 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP22\snapshot

[2011.08.22 20:13:13 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP21\snapshot

[2011.08.21 20:02:07 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP20\snapshot

[2011.08.18 12:48:29 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP19\snapshot

[2011.08.17 09:44:38 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP18\snapshot

[2011.08.16 21:18:00 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP17\snapshot

[2011.08.15 18:08:57 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP16\snapshot

[2011.08.13 23:44:09 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP15\snapshot

[2011.08.13 23:43:51 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP14\snapshot

[2011.08.12 06:32:29 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP13\snapshot

[2011.08.12 03:35:35 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP12\snapshot

[2011.08.11 03:00:15 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP11\snapshot

[2011.08.10 00:20:01 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP10\snapshot

[2011.08.08 21:08:45 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP9\snapshot

[2011.08.07 06:34:23 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP8\snapshot

[2011.08.07 03:20:22 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP7\snapshot

[2011.08.06 03:00:17 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP6\snapshot

[2011.08.05 19:36:12 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP5\snapshot

[2011.08.05 12:13:49 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP4\snapshot

[2011.08.05 07:23:56 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP3\snapshot

[2011.08.05 03:01:05 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP2\snapshot

[2011.08.04 10:35:39 | 000,000,000 | ---D | M] -- C:\System Volume Information\_restore{B5B25B1B-5B42-43F0-BB52-0BD3858B1941}\RP1\snapshot

 

< MD5 for: AFD.SYS >

[2011.04.25 04:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys

[2010.11.20 10:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys

[2011.04.25 04:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys

[2011.04.25 04:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys

[2011.04.25 04:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys

[2011.04.25 05:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys

[2009.07.14 01:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys

 

< MD5 for: ATAPI.SYS >

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 

< MD5 for: CSC.SYS >

[2009.07.14 01:15:13 | 000,387,584 | ---- | M] (Microsoft Corporation) MD5=27C9490BDD0AE48911AB8CF1932591ED -- C:\Windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7600.16385_none_9e1e9f0abd3adf87\csc.sys

[2010.11.20 10:44:36 | 000,388,096 | ---- | M] (Microsoft Corporation) MD5=3C2177A897B4CA2788C6FB0C3FD81D4B -- C:\Windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7601.17514_none_a04fb2d2ba296321\csc.sys

 

< MD5 for: DFSC.SYS >

[2011.04.27 04:33:46 | 000,078,336 | ---- | M] (Microsoft Corporation) MD5=83D1ECEA8FAAE75604C0FA49AC7AD996 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16804_none_87c60c95472f7333\dfsc.sys

[2011.04.27 04:24:42 | 000,078,336 | ---- | M] (Microsoft Corporation) MD5=886E8C1608146CC355DDD455F5C8DD87 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.20953_none_8818997a6076855b\dfsc.sys

[2009.07.14 01:14:17 | 000,078,336 | ---- | M] (Microsoft Corporation) MD5=8E09E52EE2E3CEB199EF3DD99CF9E3FB -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_87708401476f7a4f\dfsc.sys

[2010.11.20 10:42:32 | 000,078,336 | ---- | M] (Microsoft Corporation) MD5=F024449C97EC1E464AAFFDA18593DB88 -- C:\Windows\System32\drivers\dfsc.sys

[2010.11.20 10:42:32 | 000,078,336 | ---- | M] (Microsoft Corporation) MD5=F024449C97EC1E464AAFFDA18593DB88 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7601.17514_none_89a197c9445dfde9\dfsc.sys

 

< MD5 for: DISK.SYS >

[2009.07.14 03:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys

[2009.07.14 03:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys

[2009.07.14 03:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

 

< MD5 for: EXPLORER.EXE >

[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe

[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe

[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe

[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

 

< MD5 for: I8042PRT.SYS >

[2009.07.14 01:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\drivers\i8042prt.sys

[2009.07.14 01:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_50ad659974198591\i8042prt.sys

[2009.07.14 01:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_x86_neutral_7a9084e0177406eb\i8042prt.sys

[2009.07.14 01:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_9724c3fc3a4c81ef\i8042prt.sys

[2009.07.14 01:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_9955d7c4373b0589\i8042prt.sys

[2009.07.14 01:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_4e0a61a033aec8c3\i8042prt.sys

 

< MD5 for: IASTOR.SYS >

[2011.05.20 19:43:02 | 000,461,592 | ---- | M] (Intel Corporation) MD5=DB81F413FA4E3F328CAD7B5D59EF3F21 -- C:\Windows\System32\drivers\iaStor.sys

[2011.05.20 19:43:02 | 000,461,592 | ---- | M] (Intel Corporation) MD5=DB81F413FA4E3F328CAD7B5D59EF3F21 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_5617f4bb31b97c4d\iaStor.sys

 

< MD5 for: LSASS.EXE >

[2011.11.17 09:09:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=05F38CB7CAB3CE8E9A1812D517DA93EF -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\lsass.exe

[2011.11.17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\erdnt\cache\lsass.exe

[2011.11.17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\System32\lsass.exe

[2011.11.17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe

[2011.11.17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\lsass.exe

[2012.06.02 06:40:31 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=A6034689ACF9D14973F8384AD5A5451E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21225_none_a6eb42a4d70be51e\lsass.exe

[2011.11.17 07:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\lsass.exe

[2011.11.17 07:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_a656d407bdf6641e\lsass.exe

[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe

[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe

[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe

[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe

[2012.06.02 06:51:22 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FA7B950E4CA6AA260C4EABA19E03644D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_a8d76e24d42eb666\lsass.exe

[2011.11.17 07:24:04 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FBCB2DFA40862DAA7B1534C9538208A5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe

 

< MD5 for: NETBT.SYS >

[2010.11.20 10:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\System32\drivers\netbt.sys

[2010.11.20 10:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys

[2009.07.14 01:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=DD52A733BF4CA5AF84562A5E2F963B91 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys

 

< MD5 for: SERIAL.SYS >

[2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=5FB7FCEA0490D821F26F39CC5EA3D1E2 -- C:\Windows\System32\drivers\serial.sys

[2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=5FB7FCEA0490D821F26F39CC5EA3D1E2 -- C:\Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys

[2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=5FB7FCEA0490D821F26F39CC5EA3D1E2 -- C:\Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys

 

< MD5 for: SERVICES.EXE >

[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe

[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe

[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

 

< MD5 for: SVCHOST.EXE >

[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe

[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe

[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

 

< MD5 for: TCPIP.SYS >

[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d cpip.sys

[2011.06.21 07:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466 cpip.sys

[2011.09.29 18:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1 cpip.sys

[2011.04.25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0 cpip.sys

[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667 cpip.sys

[2010.11.20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01 cpip.sys

[2011.09.29 18:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566 cpip.sys

[2012.03.30 12:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8 cpip.sys

[2011.09.29 17:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86 cpip.sys

[2011.09.29 18:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5 cpip.sys

[2011.04.25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444 cpip.sys

[2012.03.30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\erdnt\cache cpip.sys

[2012.03.30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\System32\drivers cpip.sys

[2012.03.30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7 cpip.sys

[2011.04.25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5 cpip.sys

[2012.03.30 11:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104 cpip.sys

[2011.06.21 07:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0 cpip.sys

[2011.06.21 07:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1 cpip.sys

[2011.06.21 08:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6 cpip.sys

[2012.03.30 12:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871 cpip.sys

 

< MD5 for: USERINIT.EXE >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 

< MD5 for: VOLSNAP.SYS >

[2009.07.14 03:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys

[2010.11.20 14:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys

[2010.11.20 14:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys

[2010.11.20 14:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

 

< MD5 for: WININIT.EXE >

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\erdnt\cache\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 

< MD5 for: WINLOGON.EXE >

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 

< End of report >

 

 

Не знам защо, не ми излезе Extras.

Link to comment
Сподели другаде
Night_Raven Ентусиаст

Night_Raven

Публикувано
Публикувано

Да видим дали ще можем да изтрием една папка.

 

Изтегли OTS и го запази на работния плот. Стартирай го, в полето в дясната част на прозореца постави следния текст (Copy/Paste), след което кликни бутон Run Fix:

[unregister Dlls]
[Custom Scans]
NY -> %APPDATA% -> c:\windows\system32\%APPDATA%
[Empty Temp Folders]
[CreateRestorePoint]

 

След това изготви отново дневник с OTL, както направи предния път.

Link to comment
Сподели другаде
mst Новобранец

mst

Публикувано
Публикувано

Отново не ми излиза Extras.

 

OTL logfile created on: 3.8.2012 г. 18:45:38 - Run 4

OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\LittleJimmy\Desktop

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: d.M.yyyy 'г.'

 

1,98 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 48,26% Memory free

3,97 Gb Paging File | 2,40 Gb Available in Paging File | 60,41% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 189,79 Gb Total Space | 76,15 Gb Free Space | 40,12% Space Free | Partition Type: NTFS

Drive D: | 406,38 Gb Total Space | 98,43 Gb Free Space | 24,22% Space Free | Partition Type: NTFS

Drive F: | 671,04 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: JIMMY | User Name: LittleJimmy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012.08.01 13:27:06 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\LittleJimmy\Desktop\OTL.exe

PRC - [2012.07.30 14:21:20 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

PRC - [2012.07.18 12:23:09 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012.05.24 09:29:18 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe

PRC - [2012.03.30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe

PRC - [2011.12.06 05:12:16 | 000,404,992 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2011.12.06 05:11:44 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2011.11.24 05:29:22 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011.09.22 22:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2011.09.22 22:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

PRC - [2011.08.02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe

PRC - [2011.07.28 19:52:06 | 000,018,472 | ---- | M] (WeGame.com, Inc.) -- C:\Program Files\WeGame\wgclientservice.exe

PRC - [2011.06.02 06:16:12 | 000,539,416 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

PRC - [2011.05.20 20:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32 askhost.exe

PRC - [2010.10.06 07:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010.10.06 07:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2008.03.20 02:52:44 | 000,166,520 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

PRC - [2008.03.20 02:52:38 | 000,051,816 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012.07.30 14:21:20 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_268.dll

MOD - [2012.07.18 12:23:08 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2012.06.13 03:25:36 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll

MOD - [2012.06.13 03:25:27 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll

MOD - [2012.06.13 03:25:15 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012.06.13 03:25:09 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012.06.13 03:25:04 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll

MOD - [2012.06.13 02:30:40 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll

MOD - [2012.05.12 07:23:18 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll

MOD - [2012.05.12 06:55:00 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll

MOD - [2012.05.12 06:54:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012.05.12 06:54:07 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll

MOD - [2012.05.12 06:54:07 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll

MOD - [2012.05.12 06:54:07 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll

MOD - [2012.05.12 06:53:57 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012.05.12 06:53:53 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012.05.12 06:53:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012.05.12 06:53:41 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012.05.12 06:53:34 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2011.12.06 08:10:38 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

MOD - [2011.11.24 05:29:08 | 000,349,504 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- C:\Users\LittleJimmy\AppData\Local\Temp\7zS0D48\hpslpsvc32.dll -- (HPSLPSVC)

SRV - [2012.08.03 09:08:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.07.18 12:23:08 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.03.30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)

SRV - [2012.01.19 05:31:59 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011.12.07 13:00:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2011.12.06 05:11:44 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2011.11.24 05:29:22 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011.09.22 22:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)

SRV - [2011.07.28 19:52:06 | 000,018,472 | ---- | M] (WeGame.com, Inc.) [Auto | Running] -- C:\Program Files\WeGame\wgclientservice.exe -- (WeGameClientService)

SRV - [2011.05.20 20:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010.10.06 07:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010.10.06 07:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.12.12 13:20:08 | 000,095,896 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)

SRV - [2008.03.20 02:52:44 | 000,166,520 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)

SRV - [2008.03.20 02:52:38 | 000,051,816 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dump_wmimmc.sys -- (dump_wmimmc)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\LITTLE~1\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\acnzjhyt.sys -- (acnzjhyt)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a2ihxyzy)

DRV - [2011.12.06 05:44:22 | 009,067,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)

DRV - [2011.12.06 04:11:50 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV - [2011.11.24 06:54:00 | 011,147,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2011.10.17 19:40:44 | 000,085,520 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)

DRV - [2011.09.24 01:50:46 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV - [2011.09.24 01:49:27 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2011.09.22 20:44:44 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2011.09.21 20:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)

DRV - [2011.08.10 00:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)

DRV - [2011.08.04 19:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)

DRV - [2011.08.04 19:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)

DRV - [2011.08.04 00:20:38 | 000,016,128 | ---- | M] (RSJ Software GmbH) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\vproiah.sys -- (vproiah)

DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010.10.19 23:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)

DRV - [2009.08.08 08:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x86\sandra.sys -- (SANDRA)

DRV - [2009.05.24 09:51:00 | 000,014,848 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\unisofthid.sys -- (unisofthid)

DRV - [2007.07.15 03:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | System | Running] -- C:\Windows\System32\drivers\pstrip.sys -- (PStrip)

DRV - [2007.06.25 07:56:54 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)

DRV - [2007.06.25 07:56:40 | 000,027,656 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)

DRV - [2007.06.25 07:56:34 | 000,034,312 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)

DRV - [2007.03.06 06:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)

DRV - [2007.03.06 06:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BtHidMgr.sys -- (BTHidMgr)

DRV - [2007.03.06 06:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\VBTEnum.sys -- (BTHidEnum)

DRV - [2007.03.06 06:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)

DRV - [2007.03.06 06:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)

DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)

DRV - [2005.01.03 08:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 E0 8C AF 0E A6 CC 01 [binary data]

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100489&mntrId=e0af1b0f00000000000000ff71aad347

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\..\SearchScopes\{353944CD-FBDB-4A6B-813F-AA90F0065496}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

IE - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Fiesta Bar Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT670374&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.startup.homepage: "zamunda.net"

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT670374&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()

FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found

FF - HKLM\Software\MozillaPlugins\@iahgames.com/prodown: C:\Program Files\IAHgames\Playfast\npiahpd.dll (RSJ Software GmbH)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@rsj.de/prodown: File not found

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\LittleJimmy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\LittleJimmy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.25 18:23:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 12:23:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.13 23:19:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.11.12 06:59:34 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.25 18:23:43 | 000,000,000 | ---D | M]

 

[2011.08.24 02:13:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LittleJimmy\AppData\Roaming\Mozilla\Extensions

[2012.06.03 21:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LittleJimmy\AppData\Roaming\Mozilla\Firefox\Profiles\938udgwm.default\extensions

[2012.05.31 16:58:00 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\LittleJimmy\AppData\Roaming\Mozilla\Firefox\Profiles\938udgwm.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}

[2012.05.31 07:00:16 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\LittleJimmy\AppData\Roaming\Mozilla\Firefox\Profiles\938udgwm.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2012.05.20 19:15:16 | 000,000,000 | ---D | M] (Fiesta Bar Community Toolbar) -- C:\Users\LittleJimmy\AppData\Roaming\Mozilla\Firefox\Profiles\938udgwm.default\extensions\{e26f8e74-7ae2-45df-9069-93d88f40c9fd}

[2012.06.03 21:24:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\LittleJimmy\AppData\Roaming\Mozilla\Firefox\Profiles\938udgwm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2012.01.03 08:55:18 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\LittleJimmy\AppData\Roaming\Mozilla\Firefox\Profiles\938udgwm.default\extensions\battlefieldplay4free@ea.com

[2011.12.15 21:00:44 | 000,000,000 | ---D | M] (U2bview Firefox Add-on) -- C:\Users\LittleJimmy\AppData\Roaming\Mozilla\Firefox\Profiles\938udgwm.default\extensions\noreply@u2bviews.com

[2012.06.28 19:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LittleJimmy\AppData\Roaming\Mozilla\Firefox\Profiles\sg1u4j1a.default-1340783415446\extensions

[2012.01.04 11:33:40 | 000,000,921 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Roaming\Mozilla\Firefox\Profiles\938udgwm.default\searchplugins\conduit.xml

[2012.01.22 04:13:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012.07.18 12:23:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011.12.15 21:31:38 | 000,061,854 | ---- | M] () (No name found) -- C:\USERS\LITTLEJIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\938UDGWM.DEFAULT\EXTENSIONS\YTVDW@PGPORT.COM.XPI

[2012.07.18 12:23:09 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2007.04.30 16:29:22 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll

[2011.11.03 19:18:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011.09.30 08:01:11 | 000,001,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\911bg.xml

[2011.09.30 08:01:11 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2011.11.30 06:21:29 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

[2011.09.30 08:01:11 | 000,002,442 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\diribg.xml

[2012.07.18 12:23:07 | 000,003,368 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2011.09.30 08:01:11 | 000,001,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pe-bg.xml

[2011.09.30 08:01:11 | 000,001,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\portalbgdict.xml

[2011.09.30 08:01:11 | 000,001,220 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-bg.xml

 

========== Chrome ==========

 

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\LittleJimmy\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\LittleJimmy\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\LittleJimmy\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll

CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: IAHGames (Enabled) = C:\Program Files\IAHgames\Playfast\npiahpd.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll

CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll

CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll

CHR - plugin: Google Update (Enabled) = C:\Users\LittleJimmy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: YouTube = C:\Users\LittleJimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: Google \u0422\u044A\u0440\u0441\u0435\u043D\u0435 = C:\Users\LittleJimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: Gmail = C:\Users\LittleJimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

 

O1 HOSTS File: ([2012.07.31 14:55:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O4 - HKLM..\Run: [bingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)

O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-132208950-3660432363-3532671861-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-132208950-3660432363-3532671861-1000..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKU\S-1-5-21-132208950-3660432363-3532671861-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-132208950-3660432363-3532671861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.55.0.1 0.0.0.0

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FB06BCE-1163-4997-9F4A-10CF01275F42}: DhcpNameServer = 10.55.0.1 0.0.0.0

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13FF18AE-AA40-4CEE-9B9B-F9EFEA323690}: DhcpNameServer = 10.55.0.1 0.0.0.0

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52CBBCCC-7105-4DE0-BD5A-7D608ACDF4C3}: DhcpNameServer = 10.55.0.1 0.0.0.0

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE0276BE-4C50-4B12-A561-F5A575B5B462}: DhcpNameServer = 10.55.0.1 0.0.0.0

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler v {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32 spkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005.11.04 08:24:50 | 000,000,000 | ---D | M] - F:\AutoRun -- [ CDFS ]

O32 - AutoRun File - [2005.11.04 07:52:23 | 000,729,088 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2005.10.14 10:02:16 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ CDFS ]

O32 - AutoRun File - [2005.11.04 08:22:30 | 000,000,160 | R--- | M] () - F:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk - C:\Program Files\GamersFirst\LIVE!\Live.exe - (GamersFirst)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found

MsConfig - StartUpFolder: C:^Users^LittleJimmy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerStrip.lnk - C:\Program Files\PowerStrip\PStrip.exe - (EnTech Taiwan)

MsConfig - StartUpReg: KPeerNexonEU - hkey= - key= - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)

MsConfig - StartUpReg: RGSC - hkey= - key= - C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)

MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

MsConfig - State: "startup" - 2

 

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

========== Files/Folders - Created Within 90 Days ==========

 

[2012.08.03 07:07:57 | 000,000,000 | ---D | C] -- C:\_OTS

[2012.08.03 07:07:35 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Users\LittleJimmy\Desktop\OTS.exe

[2012.08.01 13:27:03 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\LittleJimmy\Desktop\OTL.exe

[2012.08.01 13:26:39 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\LittleJimmy\Desktop\OTL.exe.part

[2012.08.01 06:54:43 | 000,694,833 | ---- | C] (Farbar) -- C:\Users\LittleJimmy\Desktop\FSS.exe

[2012.07.31 14:57:33 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Local emp

[2012.07.31 14:55:36 | 000,000,000 | ---D | C] -- C:\Windows emp

[2012.07.31 14:45:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012.07.31 14:45:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012.07.31 14:45:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012.07.31 14:44:56 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.07.31 14:44:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012.07.31 14:43:32 | 004,721,982 | R--- | C] (Swearware) -- C:\Users\LittleJimmy\Desktop\ComboFix.exe

[2012.07.31 13:32:48 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\Documents\otl

[2012.07.30 15:53:10 | 000,108,032 | ---- | C] (Pz Crack Team) -- C:\Users\LittleJimmy\Documents\Flex Type Key Generator.EXE

[2012.07.30 15:48:39 | 000,108,032 | ---- | C] (Pz Crack Team) -- C:\Users\LittleJimmy\Documents\FlexType2kKeygen.EXE

[2012.07.30 15:27:35 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Roaming\SUPERAntiSpyware.com

[2012.07.30 15:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012.07.30 15:27:04 | 018,848,984 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\LittleJimmy\Documents\SUPERAntiSpyware.exe

[2012.07.30 15:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012.07.30 15:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle

[2012.07.30 15:13:19 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll

[2012.07.30 15:13:19 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2012.07.30 15:11:10 | 000,893,936 | ---- | C] (Oracle Corporation) -- C:\Users\LittleJimmy\Documents\jxpiinstall.exe

[2012.07.30 14:46:19 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\DoctorWeb

[2012.07.30 08:06:42 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Roaming\Malwarebytes

[2012.07.30 08:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.07.20 21:50:04 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\Documents\NFS Most Wanted

[2012.07.19 21:43:14 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\Desktop\comersialno

[2012.07.19 14:05:58 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\Documents\NFS ProStreet

[2012.07.06 10:45:49 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Roaming\Opera

[2012.07.06 10:45:49 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Local\Opera

[2012.07.06 10:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Opera

[2012.07.02 10:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX - Eidos Interactive

[2012.06.26 20:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2012.06.26 20:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop

[2012.06.26 20:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2012.06.26 07:29:16 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Local\HP

[2012.06.25 18:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG

[2012.06.25 18:26:54 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Roaming\HP

[2012.06.25 18:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant

[2012.06.25 18:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

[2012.06.25 18:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard

[2012.06.25 18:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP

[2012.06.25 18:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\HP

[2012.06.25 18:17:08 | 000,675,840 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpowiav1.dll

[2012.06.25 18:17:08 | 000,452,408 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll

[2012.06.25 18:17:08 | 000,303,104 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpovst01.dll

[2012.06.25 18:17:07 | 000,573,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpotscl1.dll

[2012.06.25 17:21:09 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Roaming\HP DESKJET F380 Driver Utility

[2012.06.25 17:20:31 | 002,025,987 | ---- | C] (Lavians Inc. ) -- C:\Users\LittleJimmy\Desktop\hp-deskjet-f380-driver-utility.exe

[2012.06.24 18:43:23 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Local\Macromedia

[2012.06.20 20:42:05 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Local\pLan

[2012.06.19 20:53:10 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Local\NFS Underground 2

[2012.06.17 21:21:40 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012.06.15 11:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core

[2012.06.15 11:15:46 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\Documents\FIFA 09

[2012.06.13 23:36:49 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\Documents\FIFA 08

[2012.05.22 20:42:51 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\Documents\FIFA 2005

[2012.05.22 19:54:26 | 000,000,000 | ---D | C] -- C:\Users\LittleJimmy\AppData\Roaming\Rovio

[2012.05.20 16:19:04 | 015,577,088 | ---- | C] (Disney Interactive Studios) -- C:\Users\LittleJimmy\Desktop\Game-TS3.exe

[2012.05.19 13:00:49 | 001,703,936 | ---- | C] (NCT Company) -- C:\Windows\System32\NCTAudioFile.dll

[2012.05.19 13:00:49 | 000,892,928 | ---- | C] (NCT Company) -- C:\Windows\System32\NCTAudioInformation.dll

[2012.05.19 13:00:49 | 000,503,808 | ---- | C] (NCT Company) -- C:\Windows\System32\NCTAudioEditor.dll

[2012.05.19 13:00:49 | 000,339,968 | ---- | C] (NCT Company) -- C:\Windows\System32\NCTAudioTransform.dll

[2012.05.19 13:00:49 | 000,327,680 | ---- | C] (NCT Company) -- C:\Windows\System32\NCTAudioGrabber.dll

[2012.05.19 13:00:49 | 000,290,816 | ---- | C] (NCT Company) -- C:\Windows\System32\NCTWMAFile.dll

[2012.05.19 13:00:49 | 000,282,624 | ---- | C] (NCT Company) -- C:\Windows\System32\NCTAudioVisualization.dll

[2012.05.19 13:00:49 | 000,274,432 | ---- | C] (NCT Company) -- C:\Windows\System32\NCTAudioRecord.dll

[2012.05.19 13:00:49 | 000,274,432 | ---- | C] (NCT Company) -- C:\Windows\System32\NCTAudioPlayer.dll

[2012.05.19 13:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 To Ringtone Gold

[2012.05.19 13:00:49 | 000,000,000 | ---D | C] -- C:\AnMingringtone

[2012.05.19 13:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\AnMing

[2010.09.21 10:04:10 | 007,054,080 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Program Files s3client_win32.exe

[2010.05.18 14:46:32 | 000,397,312 | ---- | C] (Firelight Technologies) -- C:\Program Files\fmodex.dll

 

========== Files - Modified Within 90 Days ==========

 

[2012.08.03 18:31:00 | 000,001,032 | ---- | M] () -- C:\Windows asks\GoogleUpdateTaskUserS-1-5-21-132208950-3660432363-3532671861-1000UA.job

[2012.08.03 18:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat

[2012.08.03 18:08:00 | 000,000,830 | ---- | M] () -- C:\Windows asks\Adobe Flash Player Updater.job

[2012.08.03 18:00:00 | 000,000,456 | ---- | M] () -- C:\Windows asks\ParetoLogic Registration3.job

[2012.08.03 09:08:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012.08.03 09:08:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012.08.03 07:16:36 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.08.03 07:16:36 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.08.03 07:13:38 | 000,661,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.08.03 07:13:38 | 000,125,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.08.03 07:09:11 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2012.08.03 07:09:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.08.03 07:09:04 | 1597,378,560 | -HS- | M] () -- C:\hiberfil.sys

[2012.08.03 07:07:41 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Users\LittleJimmy\Desktop\OTS.exe

[2012.08.01 13:27:06 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\LittleJimmy\Desktop\OTL.exe

[2012.08.01 13:26:47 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\LittleJimmy\Desktop\OTL.exe.part

[2012.08.01 06:54:48 | 000,694,833 | ---- | M] (Farbar) -- C:\Users\LittleJimmy\Desktop\FSS.exe

[2012.08.01 05:31:00 | 000,000,980 | ---- | M] () -- C:\Windows asks\GoogleUpdateTaskUserS-1-5-21-132208950-3660432363-3532671861-1000Core.job

[2012.07.31 14:55:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012.07.31 14:43:48 | 004,721,982 | R--- | M] (Swearware) -- C:\Users\LittleJimmy\Desktop\ComboFix.exe

[2012.07.31 13:33:24 | 000,051,060 | ---- | M] () -- C:\Users\LittleJimmy\Documents\otl.rar

[2012.07.30 23:15:23 | 004,312,546 | ---- | M] () -- C:\Users\LittleJimmy\Desktop\Nicole Scherzinger - Baby Love ft. will.i.am.mp3

[2012.07.30 23:11:40 | 010,345,579 | ---- | M] () -- C:\Users\LittleJimmy\Desktop\50 Cent ft Nicole Scherzinger - Right there (heminei.com) (36614).mp3

[2012.07.30 23:09:48 | 010,458,962 | ---- | M] () -- C:\Users\LittleJimmy\Desktop\Nicole Scherzinger - Dont Hold Your Breath (Kaskade Club Mix) (heminei.com) (44011).mp3

[2012.07.30 22:51:38 | 003,245,080 | ---- | M] () -- C:\Users\LittleJimmy\Desktop\Ciara and Missy Eliott - 1, 2 Step (heminei.com) (29138).mp3

[2012.07.30 22:47:23 | 005,759,178 | ---- | M] () -- C:\Users\LittleJimmy\Desktop\Ciara - Like a boy (heminei.com) (22315).mp3

[2012.07.30 22:44:49 | 008,862,775 | ---- | M] () -- C:\Users\LittleJimmy\Desktop\Keri Hilson - I Like (heminei.com) (13695).mp3

[2012.07.30 22:42:39 | 008,901,637 | ---- | M] () -- C:\Users\LittleJimmy\Desktop\Keri Hilson ft. Nelly - Lose Control (heminei.com) (25669).mp3

[2012.07.30 22:37:20 | 006,111,862 | ---- | M] () -- C:\Users\LittleJimmy\Desktop\Chris Brown - With You (heminei.com) (29225).mp3

[2012.07.30 15:53:11 | 000,108,032 | ---- | M] (Pz Crack Team) -- C:\Users\LittleJimmy\Documents\Flex Type Key Generator.EXE

[2012.07.30 15:48:39 | 000,108,032 | ---- | M] (Pz Crack Team) -- C:\Users\LittleJimmy\Documents\FlexType2kKeygen.EXE

[2012.07.30 15:27:21 | 018,848,984 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\LittleJimmy\Documents\SUPERAntiSpyware.exe

[2012.07.30 15:12:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2012.07.30 15:12:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2012.07.30 15:11:22 | 000,893,936 | ---- | M] (Oracle Corporation) -- C:\Users\LittleJimmy\Documents\jxpiinstall.exe

[2012.07.30 15:04:59 | 000,071,766 | ---- | M] () -- C:\Users\LittleJimmy\Documents\cc_20120730_150452.reg

[2012.07.22 08:47:39 | 000,139,048 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2012.07.20 21:45:23 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk

[2012.07.20 09:22:29 | 000,103,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0

[2012.07.11 03:20:47 | 000,277,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.07.10 17:44:08 | 000,282,296 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr

[2012.07.06 10:45:44 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk

[2012.07.05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2012.07.05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll

[2012.07.05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll

[2012.07.02 10:31:11 | 000,001,264 | ---- | M] () -- C:\Users\Public\Desktop\Lara Croft and the Guardian of Light.lnk

[2012.06.27 09:48:13 | 000,010,350 | ---- | M] () -- C:\Users\LittleJimmy\Documents\cc_20120627_094809.reg

[2012.06.26 20:59:21 | 000,001,407 | ---- | M] () -- C:\Users\LittleJimmy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012.06.26 20:56:00 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2012.06.26 20:49:12 | 000,061,670 | ---- | M] () -- C:\Users\LittleJimmy\Documents\cc_20120626_204906.reg

[2012.06.25 18:26:45 | 000,221,280 | ---- | M] () -- C:\Windows\hpoins19.dat

[2012.06.25 18:23:31 | 000,002,125 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk

[2012.06.25 18:22:44 | 000,001,273 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk

[2012.06.25 18:22:37 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk

[2012.06.25 18:22:19 | 000,002,069 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2012.06.25 17:52:06 | 380,301,136 | ---- | M] () -- C:\Users\LittleJimmy\Desktop\AIO_CDB_NonNet_Full_Win_WW_130_141.exe

[2012.06.25 17:20:44 | 002,025,987 | ---- | M] (Lavians Inc. ) -- C:\Users\LittleJimmy\Desktop\hp-deskjet-f380-driver-utility.exe

[2012.06.19 20:51:23 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed Underground 2.lnk

[2012.06.15 11:14:09 | 000,001,557 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 09.lnk

[2012.06.03 13:10:41 | 000,010,240 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.05.30 16:44:12 | 000,000,111 | ---- | M] () -- C:\Users\LittleJimmy\Desktop oy2.err

[2012.05.15 14:44:30 | 000,052,085 | ---- | M] () -- C:\Users\LittleJimmy\Desktop\how.i.met.your.mother.s07e23e24(subsunacs.net).rar

[2012.05.09 20:33:57 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk

 

========== Files Created - No Company Name ==========

 

[2012.07.31 14:45:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012.07.31 14:45:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012.07.31 14:45:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012.07.31 14:45:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012.07.31 14:45:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012.07.31 13:33:24 | 000,051,060 | ---- | C] () -- C:\Users\LittleJimmy\Documents\otl.rar

[2012.07.30 23:14:58 | 004,312,546 | ---- | C] () -- C:\Users\LittleJimmy\Desktop\Nicole Scherzinger - Baby Love ft. will.i.am.mp3

[2012.07.30 23:11:31 | 010,345,579 | ---- | C] () -- C:\Users\LittleJimmy\Desktop\50 Cent ft Nicole Scherzinger - Right there (heminei.com) (36614).mp3

[2012.07.30 23:09:40 | 010,458,962 | ---- | C] () -- C:\Users\LittleJimmy\Desktop\Nicole Scherzinger - Dont Hold Your Breath (Kaskade Club Mix) (heminei.com) (44011).mp3

[2012.07.30 22:51:37 | 003,245,080 | ---- | C] () -- C:\Users\LittleJimmy\Desktop\Ciara and Missy Eliott - 1, 2 Step (heminei.com) (29138).mp3

[2012.07.30 22:47:16 | 005,759,178 | ---- | C] () -- C:\Users\LittleJimmy\Desktop\Ciara - Like a boy (heminei.com) (22315).mp3

[2012.07.30 22:44:37 | 008,862,775 | ---- | C] () -- C:\Users\LittleJimmy\Desktop\Keri Hilson - I Like (heminei.com) (13695).mp3

[2012.07.30 22:42:21 | 008,901,637 | ---- | C] () -- C:\Users\LittleJimmy\Desktop\Keri Hilson ft. Nelly - Lose Control (heminei.com) (25669).mp3

[2012.07.30 22:37:06 | 006,111,862 | ---- | C] () -- C:\Users\LittleJimmy\Desktop\Chris Brown - With You (heminei.com) (29225).mp3

[2012.07.30 15:04:54 | 000,071,766 | ---- | C] () -- C:\Users\LittleJimmy\Documents\cc_20120730_150452.reg

[2012.07.30 13:59:55 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl

[2012.07.20 21:45:23 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk

[2012.07.06 10:45:45 | 000,001,787 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

[2012.07.06 10:45:44 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk

[2012.07.02 10:31:11 | 000,001,264 | ---- | C] () -- C:\Users\Public\Desktop\Lara Croft and the Guardian of Light.lnk

[2012.06.27 10:36:11 | 000,441,253 | R--- | C] () -- C:\Users\LittleJimmy\Documents\hosts

[2012.06.27 09:48:12 | 000,010,350 | ---- | C] () -- C:\Users\LittleJimmy\Documents\cc_20120627_094809.reg

[2012.06.26 20:56:00 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2012.06.26 20:49:09 | 000,061,670 | ---- | C] () -- C:\Users\LittleJimmy\Documents\cc_20120626_204906.reg

[2012.06.25 18:23:31 | 000,002,125 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk

[2012.06.25 18:22:55 | 000,001,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk

[2012.06.25 18:22:44 | 000,001,273 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk

[2012.06.25 18:22:37 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk

[2012.06.25 18:22:19 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2012.06.25 18:17:31 | 000,221,280 | ---- | C] () -- C:\Windows\hpoins19.dat

[2012.06.25 18:17:31 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat

[2012.06.25 17:27:17 | 380,301,136 | ---- | C] () -- C:\Users\LittleJimmy\Desktop\AIO_CDB_NonNet_Full_Win_WW_130_141.exe

[2012.06.19 20:51:23 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed Underground 2.lnk

[2012.06.17 21:21:15 | 000,001,032 | ---- | C] () -- C:\Windows asks\GoogleUpdateTaskUserS-1-5-21-132208950-3660432363-3532671861-1000UA.job

[2012.06.17 21:21:15 | 000,000,980 | ---- | C] () -- C:\Windows asks\GoogleUpdateTaskUserS-1-5-21-132208950-3660432363-3532671861-1000Core.job

[2012.06.15 11:14:09 | 000,001,557 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 09.lnk

[2012.05.19 13:00:49 | 000,336,896 | ---- | C] () -- C:\Windows\System32\ammppg.dll

[2012.05.19 13:00:49 | 000,303,104 | ---- | C] () -- C:\Windows\System32\qscl.dll

[2012.05.19 13:00:49 | 000,233,472 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

[2012.05.19 13:00:49 | 000,212,992 | ---- | C] () -- C:\Windows\System32\amrdec.dll

[2012.05.19 13:00:49 | 000,144,896 | ---- | C] () -- C:\Windows\System32\lame_dshow.ax

[2012.05.19 13:00:49 | 000,081,920 | ---- | C] () -- C:\Windows\System32\qcpsdk.dll

[2012.05.19 13:00:49 | 000,073,728 | ---- | C] () -- C:\Windows\System32\a1.dll

[2012.05.15 14:44:30 | 000,052,085 | ---- | C] () -- C:\Users\LittleJimmy\Desktop\how.i.met.your.mother.s07e23e24(subsunacs.net).rar

[2012.05.09 20:33:57 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk

[2012.05.09 20:33:57 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12.lnk

[2012.02.08 21:08:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012.02.02 03:13:48 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2012.02.02 03:10:48 | 000,000,014 | ---- | C] () -- C:\Windows\GSetup.ini

[2012.02.02 02:53:15 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe

[2012.02.02 02:15:44 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll

[2012.01.24 03:24:31 | 000,000,265 | ---- | C] () -- C:\Windows\madagascar.ini

[2012.01.07 23:18:16 | 011,296,768 | ---- | C] () -- C:\Users\LittleJimmy\AppData\Roaming\Sandra.mdb

[2012.01.02 07:34:48 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2011.12.26 06:15:58 | 000,000,277 | ---- | C] () -- C:\Windows\game.ini

[2011.12.17 20:00:57 | 000,003,423 | ---- | C] () -- C:\Users\LittleJimmy\AppData\Roaming\PStrip.bk!

[2011.12.17 19:53:13 | 000,009,132 | ---- | C] () -- C:\Users\LittleJimmy\AppData\Roaming\PStrip.bko

[2011.12.16 21:12:01 | 000,009,132 | ---- | C] () -- C:\Users\LittleJimmy\AppData\Roaming\PStrip.bak

[2011.12.16 21:06:09 | 000,009,132 | ---- | C] () -- C:\Users\LittleJimmy\AppData\Roaming\PStrip.ini

[2011.12.06 08:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll

[2011.12.06 08:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll

[2011.12.06 04:27:36 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat

[2011.12.06 04:27:36 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat

[2011.11.24 05:29:36 | 000,406,336 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe

[2011.11.14 21:47:22 | 000,608,507 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2011.09.24 21:24:45 | 000,010,240 | ---- | C] () -- C:\Users\LittleJimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll

[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll

[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll

[2011.09.13 02:06:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat

[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat

[2011.09.07 19:27:32 | 002,328,806 | ---- | C] () -- C:\Users\LittleJimmy\AppData\Roaming\47 DE

[2011.09.05 20:57:32 | 000,000,041 | --S- | C] () -- C:\ProgramData\.zreglib

[2011.09.05 20:28:06 | 000,000,099 | ---- | C] () -- C:\Users\LittleJimmy\AppData\Local\fusioncache.dat

[2011.09.02 04:00:49 | 000,139,048 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2011.09.02 04:00:49 | 000,138,056 | ---- | C] () -- C:\Users\LittleJimmy\AppData\Roaming\PnkBstrK.sys

[2011.09.02 04:00:29 | 000,282,296 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2011.09.02 04:00:28 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2011.09.02 04:00:27 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe

[2011.09.01 07:10:12 | 000,000,004 | ---- | C] () -- C:\Users\LittleJimmy\AppData\Roaming\steam_md4.dat

[2011.08.26 04:44:03 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2011.08.24 02:52:29 | 000,028,672 | ---- | C] () -- C:\Windows\System32\newdll.dll

[2011.04.10 03:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2010.09.21 10:03:52 | 000,034,466 | ---- | C] () -- C:\Program Files\apps.ini

[2010.09.21 10:03:52 | 000,000,959 | ---- | C] () -- C:\Program Files\mirrors.ini

[2010.05.17 10:29:02 | 007,692,800 | ---- | C] () -- C:\Program Files\QtGui4.dll

[2010.03.25 11:57:36 | 002,066,944 | ---- | C] () -- C:\Program Files\QtCore4.dll

[2010.03.22 11:59:00 | 000,666,624 | ---- | C] () -- C:\Program Files\QtNetwork4.dll

 

========== LOP Check ==========

 

[2012.07.18 10:44:38 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\.minecraft

[2012.05.19 13:06:10 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Audacity

[2011.11.30 06:21:28 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Babylon

[2012.01.08 21:57:33 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\BANDISOFT

[2012.07.23 09:52:01 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\DAEMON Tools Lite

[2011.09.25 01:07:45 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\DAEMON Tools Pro

[2011.08.24 03:04:31 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\dll-files.com

[2012.01.25 06:38:20 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\DriverCure

[2011.09.22 20:45:20 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\GetRightToGo

[2011.09.05 20:13:42 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\ImgBurn

[2011.08.24 19:34:32 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Leadertech

[2011.09.07 21:56:16 | 000,000,000 | R-SD | M] -- C:\Users\LittleJimmy\AppData\Roaming\main

[2011.11.12 07:04:30 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\MediaCenter Programs

[2012.01.20 20:56:45 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\MW3 FoV Changer

[2012.06.25 17:24:47 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Nitro PDF

[2012.07.30 11:30:58 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\OpenCandy

[2012.07.06 10:45:49 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Opera

[2011.12.05 22:09:43 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Origin

[2011.09.01 06:46:08 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\PFStaticIP

[2011.08.24 04:29:35 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Publish Providers

[2012.05.22 19:54:26 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Rovio

[2012.02.02 08:01:24 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Sony

[2011.08.25 08:53:16 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Subversion

[2012.01.05 06:21:04 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\SystemRequirementsLab

[2011.10.06 06:36:52 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\TS3Client

[2011.10.19 07:54:33 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Tunngle

[2012.08.03 18:49:09 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\uTorrent

[2012.02.02 08:28:04 | 000,000,000 | ---D | M] -- C:\Users\LittleJimmy\AppData\Roaming\Win7codecs

[2012.08.03 18:00:00 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job

[2012.04.12 03:21:07 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< "%WinDir%\$NtUninstallKB*$." /30 >

 

< C:\Program Files\Common Files\ComObjects\*.* /s >

 

< %SYSTEMDRIVE%\*.* >

[2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2011.08.04 10:04:14 | 000,000,223 | ---- | M] () -- C:\Boot.BAK

[2011.08.24 02:42:56 | 000,000,367 | RHS- | M] () -- C:\Boot.ini.saved

[2010.11.20 14:40:07 | 000,383,786 | R-S- | M] () -- C:\bootmgr

[2011.08.24 02:42:57 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2011.08.24 02:22:12 | 000,438,840 | R-S- | M] () -- C:\bootxe1

[2012.07.31 14:57:31 | 000,017,296 | ---- | M] () -- C:\ComboFix.txt

[2012.08.01 13:37:46 | 000,000,012 | ---- | M] () -- C:\COMMANDS.TXT

[2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2011.03.03 23:37:31 | 000,000,237 | ---- | M] () -- C:\debugInstaller.txt

[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt

[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt

[2007.11.07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt

[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt

[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt

[2007.11.07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt

[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt

[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt

[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt

[2007.11.07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini

[2012.08.03 07:09:04 | 1597,378,560 | -HS- | M] () -- C:\hiberfil.sys

[2007.11.07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini

[2007.11.07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll

[2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll

[2007.11.07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll

[2007.11.07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll

[2007.11.07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll

[2007.11.07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll

[2007.11.07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll

[2007.11.07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll

[2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll

[2010.11.17 07:13:14 | 000,000,000 | R-S- | M] () -- C:\IO.SYS

[2010.11.17 07:13:14 | 000,000,000 | R-S- | M] () -- C:\MSDOS.SYS

[2008.04.14 11:00:00 | 000,047,564 | R-S- | M] () -- C:\NTDETECT.COM

[2008.04.14 11:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2012.08.03 07:09:06 | 2129,838,080 | -HS- | M] () -- C:\pagefile.sys

[2000.10.15 17:17:40 | 000,005,583 | ---- | M] () -- C:\PCT.NFO

[2000.10.13 22:41:28 | 000,108,032 | ---- | M] (Pz Crack Team) -- C:\PZ_FT2K.EXE

[2008.03.23 09:54:51 | 000,105,230 | ---- | M] () -- C:\pz_ft2k.zip

[2011.11.06 06:58:13 | 000,002,000 | ---- | M] () -- C: stamps.log

[2011.11.30 06:23:10 | 000,000,237 | ---- | M] () -- C:\user.js

[2007.11.07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp

[2007.11.07 17:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab

[2007.11.07 17:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

[2011.08.24 02:22:12 | 000,171,136 | R-S- | M] () -- C:\XELD1

[2011.08.24 02:22:12 | 000,009,216 | R-S- | M] () -- C:\XELD1.1st

 

< %USERPROFILE%\*.* >

[2012.08.03 18:45:58 | 008,126,464 | --S- | M] () -- C:\Users\LittleJimmy\NTUSER.DAT

[2012.08.03 18:45:58 | 000,262,144 | --S- | M] () -- C:\Users\LittleJimmy\ntuser.dat.LOG1

[2011.08.24 02:06:57 | 000,000,000 | --S- | M] () -- C:\Users\LittleJimmy\ntuser.dat.LOG2

[2011.08.24 02:23:06 | 000,065,536 | -HS- | M] () -- C:\Users\LittleJimmy\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf

[2011.08.24 02:23:06 | 000,524,288 | -HS- | M] () -- C:\Users\LittleJimmy\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms

[2011.08.24 02:23:06 | 000,524,288 | -HS- | M] () -- C:\Users\LittleJimmy\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms

[2011.08.24 02:06:57 | 000,000,020 | -HS- | M] () -- C:\Users\LittleJimmy\ntuser.ini

 

< %USERPROFILE%\AppData\Local\*.* >

[2012.06.03 13:10:41 | 000,010,240 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.09.05 20:28:06 | 000,000,099 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Local\fusioncache.dat

[2012.06.25 18:28:02 | 000,062,248 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Local\GDIPFONTCACHEV1.DAT

[2012.08.01 15:32:28 | 002,456,066 | -H-- | M] () -- C:\Users\LittleJimmy\AppData\Local\IconCache.db

 

< %USERPROFILE%\AppData\Roaming\*.* >

[2011.11.12 06:51:35 | 002,328,806 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Roaming\47 DE

[2012.01.03 11:12:43 | 000,138,056 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Roaming\PnkBstrK.sys

[2012.01.04 16:13:33 | 000,009,132 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Roaming\PStrip.bak

[2011.12.16 21:14:34 | 000,003,423 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Roaming\PStrip.bk!

[2012.01.01 18:24:08 | 000,009,132 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Roaming\PStrip.bko

[2012.01.04 16:26:09 | 000,009,132 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Roaming\PStrip.ini

[2011.12.10 11:33:58 | 011,296,768 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Roaming\Sandra.mdb

[2011.09.01 07:10:12 | 000,000,004 | ---- | M] () -- C:\Users\LittleJimmy\AppData\Roaming\steam_md4.dat

 

< %ProgramData%\*.* >

[2011.09.06 02:21:39 | 000,000,041 | --S- | M] () -- C:\ProgramData\.zreglib

[2011.11.03 07:34:48 | 000,000,032 | R--- | M] () -- C:\ProgramData\hash.dat

[2012.06.25 18:26:46 | 000,001,586 | ---- | M] () -- C:\ProgramData\hpzinstall.log

 

< %CommonProgramFiles%\*.* >

 

< %PROGRAMFILES%\*.* >

[2010.09.21 10:03:52 | 000,034,466 | ---- | M] () -- C:\Program Files\apps.ini

[2010.09.21 10:04:10 | 000,074,179 | ---- | M] () -- C:\Program Files\changelog.txt

[2009.07.14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

[2010.05.18 14:46:32 | 000,397,312 | ---- | M] (Firelight Technologies) -- C:\Program Files\fmodex.dll

[2010.09.21 10:03:52 | 000,000,959 | ---- | M] () -- C:\Program Files\mirrors.ini

[2010.03.25 11:57:36 | 002,066,944 | ---- | M] () -- C:\Program Files\QtCore4.dll

[2010.05.17 10:29:02 | 007,692,800 | ---- | M] () -- C:\Program Files\QtGui4.dll

[2010.03.22 11:59:00 | 000,666,624 | ---- | M] () -- C:\Program Files\QtNetwork4.dll

[2010.09.21 10:04:10 | 007,054,080 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Program Files s3client_win32.exe

 

< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >

 

< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* >

 

< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* >

[2012.07.31 15:49:35 | 000,000,260 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\wmpnsslog00.sqm

 

< %windir% emp\*.* >

 

< %windir%\system32\*. >

[2009.07.14 06:56:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\0409

[2011.12.06 18:35:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\AdvancedInstallers

[2009.07.14 04:37:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\ar-SA

[2009.07.14 04:37:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\bg-BG

[2011.12.06 18:35:28 | 000,000,000 | ---D | M] -- C:\Windows\system32\Boot

[2012.07.11 03:02:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot

[2012.07.11 03:02:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot2

[2011.08.24 01:53:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\CodeIntegrity

[2009.07.14 06:56:47 | 000,000,000 | ---D | M] -- C:\Windows\system32\com

[2012.08.03 07:05:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\config

[2011.12.06 18:35:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\cs-CZ

[2011.12.06 18:35:58 | 000,000,000 | ---D | M] -- C:\Windows\system32\da-DK

[2009.07.14 04:37:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\de-DE

[2012.04.11 20:43:03 | 000,000,000 | ---D | M] -- C:\Windows\system32\directx

[2011.12.06 18:35:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\Dism

[2012.07.31 14:53:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\drivers

[2012.06.26 20:54:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\DriverStore

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\el-GR

[2011.12.06 18:35:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\en

[2012.06.26 20:57:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\en-US

[2011.12.06 18:35:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\es-ES

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\et-EE

[2011.12.06 18:15:25 | 000,000,000 | ---D | M] -- C:\Windows\system32\EventProviders

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\fi-FI

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\fr-FR

[2009.07.14 06:42:25 | 000,000,000 | ---D | M] -- C:\Windows\system32\FxsTmp

[2009.07.14 04:03:57 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicy

[2009.07.14 04:03:57 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicyUsers

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\he-IL

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\hr-HR

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\hu-HU

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\ias

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\icsxml

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\IME

[2009.07.14 04:05:45 | 000,000,000 | ---D | M] -- C:\Windows\system32\inetsrv

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\it-IT

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\ja-JP

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\ko-KR

[2011.09.02 04:00:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\LogFiles

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\lt-LT

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\lv-LV

[2012.06.13 23:19:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\Macromed

[2011.12.06 18:35:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\manifeststore

[2009.07.14 06:34:06 | 000,000,000 | --SD | M] -- C:\Windows\system32\Microsoft

[2012.07.11 03:18:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\migration

[2011.12.06 18:35:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\migwiz

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\Msdtc

[2009.07.14 06:56:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\MUI

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\nb-NO

[2012.06.01 20:50:45 | 000,000,000 | ---D | M] -- C:\Windows\system32\NDF

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\NetworkList

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\nl-NL

[2011.12.06 18:35:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\oobe

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\pl-PL

[2009.07.14 06:56:47 | 000,000,000 | ---D | M] -- C:\Windows\system32\Printing_Admin_Scripts

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-BR

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-PT

[2012.02.02 09:51:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\QuickTime

[2009.07.14 04:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\ras

[2009.07.14 09:19:12 | 000,000,000 | ---D | M] -- C:\Windows\system32\Recovery

[2011.08.24 02:42:06 | 000,000,000 | ---D | M] -- C:\Windows\system32\restore

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\ro-RO

[2012.02.02 03:12:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\RTCOM

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\ru-RU

[2011.12.06 18:35:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\Setup

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\sk-SK

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\sl-SI

[2009.07.14 06:56:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\slmgr

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\SMI

[2009.07.14 06:52:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\Speech

[2009.07.14 06:41:18 | 000,000,000 | ---D | M] -- C:\Windows\system32\spool

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\spp

[2011.12.06 18:35:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\sppui

[2011.12.06 18:16:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\SPReview

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\sr-Latn-CS

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\sv-SE

[2011.12.06 18:35:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\sysprep

[2012.07.30 15:40:21 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32 h-TH

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32 r-TR

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\uk-UA

[2011.09.02 04:03:18 | 000,000,000 | ---D | M] -- C:\Windows\system32\URTTEMP

[2011.12.07 13:00:41 | 000,000,000 | ---D | M] -- C:\Windows\system32\Wat

[2011.12.06 18:35:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\wbem

[2009.07.14 06:56:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\WCN

[2011.09.07 19:50:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\wdi

[2009.07.14 06:54:47 | 000,000,000 | ---D | M] -- C:\Windows\system32\wfp

[2009.07.14 06:52:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\WinBioDatabase

[2009.07.14 06:56:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\WinBioPlugIns

[2009.07.14 06:52:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\WindowsPowerShell

[2009.07.14 04:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\winevt

[2009.07.14 06:56:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\winrm

[2011.10.23 17:00:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\xlive

[2009.07.14 04:37:10 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-CN

[2009.07.14 04:37:10 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-HK

[2009.07.14 04:37:10 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-TW

 

< %Temp%\smtmp\1\*.* >

 

< %Temp%\smtmp\2\*.* >

 

< %Temp%\smtmp\3\*.* >

 

< %Temp%\smtmp\4\*.* >

 

< %systemroot%\system32\DBBK\*.* /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /90 >

[2012.06.02 06:40:59 | 000,369,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\cng.sys

[2012.06.02 06:45:04 | 000,067,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys

[2012.06.02 06:45:03 | 000,134,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecpkg.sys

[2012.07.22 08:47:39 | 000,139,048 | ---- | M] () -- C:\Windows\system32\drivers\PnkBstrK.sys

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

[2011.09.24 01:50:46 | 000,443,448 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2009.07.14 03:15:26 | 000,090,624 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\HPZPPWN7.DLL

[2009.07.14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll

[2010.11.20 14:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\winprint.dll

 

< %systemroot%\*. /rp /s >

 

< %systemroot%\assembly mp\*.* /S /MD5 >

 

< %systemroot%\assembly emp\*.* /S /MD5 >

 

< %systemroot%\assembly\GAC_32\*.* /S /MD5 >

[2010.11.20 14:32:20 | 000,238,080 | ---- | M] () MD5=D6D26A698BCCD17AB0761E6221C5F3C4 -- C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll

[2010.11.05 03:57:39 | 000,069,120 | ---- | M] () MD5=C80DA476BFBAD97D874A0EFE037D7113 -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

[2010.11.05 03:57:43 | 000,072,192 | ---- | M] () MD5=D58D4E4AA8D6146D838BE02500F50B27 -- C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

[2010.11.20 14:32:22 | 000,134,656 | ---- | M] () MD5=7D8676EC6A6ABCF57E1F6CA5372E56EE -- C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll

[2010.11.20 14:32:22 | 000,186,368 | ---- | M] () MD5=F65CFF843B6E073A4F8188E19EC538D2 -- C:\Windows\assembly\GAC_32\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe

[2010.11.20 14:32:22 | 000,121,856 | ---- | M] () MD5=6B35B443F4EF4AA695487BC83EADAEC6 -- C:\Windows\assembly\GAC_32\Mcx2Dvcs\6.1.0.0__31bf3856ad364e35\Mcx2Dvcs.dll

[2009.07.14 03:24:14 | 000,507,904 | ---- | M] () MD5=269691AFEE6C44C52CDCA23C24BDBB0C -- C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll

[2009.07.14 03:24:28 | 000,077,824 | ---- | M] () MD5=BB2BB7BFE455562249E922A7AA4493A5 -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll

[2011.08.17 06:28:53 | 000,280,576 | ---- | M] () MD5=6A700621ECF04A54DB76EE9D1ADC79B7 -- C:\Windows\assembly\GAC_32\Microsoft.MediaCenter.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Interop.dll

[2010.11.20 14:35:58 | 000,129,536 | ---- | M] () MD5=796046D31F7CEEFFF6243A98FABA290B -- C:\Windows\assembly\GAC_32\Microsoft.MediaCenter.iTV.Media\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.Media.dll

[2010.11.20 14:35:58 | 000,053,248 | ---- | M] () MD5=700A8CF1409EBEEAD7D20B704C338C57 -- C:\Windows\assembly\GAC_32\Microsoft.MediaCenter.Mheg\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Mheg.dll

[2010.11.20 14:35:59 | 000,139,264 | ---- | M] () MD5=3B3D543F595910584AC45C75186CD3DA -- C:\Windows\assembly\GAC_32\Microsoft.MediaCenter.Playback\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Playback.dll

[2010.11.20 14:35:58 | 000,307,712 | ---- | M] () MD5=C6F74E2405934514BB0434B7FCF7B7ED -- C:\Windows\assembly\GAC_32\Microsoft.MediaCenter.TV.Tuners.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.TV.Tuners.Interop.dll

[2010.11.05 03:52:36 | 000,163,840 | ---- | M] () MD5=059B857CCA35C20F06B5DEBD51C4FB38 -- C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

[2009.07.14 03:26:31 | 000,008,192 | ---- | M] () MD5=FA44A672F1C12791984D9ECAB7DC3177 -- C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll

[2010.11.20 14:32:22 | 000,019,968 | ---- | M] () MD5=36D6B6EFE1AFD20700DB4C4E20F400A7 -- C:\Windows\assembly\GAC_32\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop\6.1.0.0__31bf3856ad364e35\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.dll

[2009.06.10 23:14:52 | 000,087,888 | ---- | M] () MD5=2E5F1CF69F92392F8829FC9C9263AE9B -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe

[2009.06.10 23:14:53 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config

[2009.06.10 23:22:47 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp

[2009.06.10 23:22:47 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp

[2009.06.10 23:22:58 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp

[2012.01.04 04:50:59 | 004,550,656 | ---- | M] () MD5=C850A6041F5AEDE21C53514BBE9AB09D -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

[2009.06.10 23:23:13 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp

[2009.06.10 23:23:13 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp

[2009.06.10 23:23:13 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp

[2009.06.10 23:23:13 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp

[2009.06.10 23:23:13 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp

[2009.06.10 23:23:14 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp

[2009.06.10 23:23:14 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp

[2009.06.10 23:23:17 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp

[2009.06.10 23:23:17 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp

[2009.06.10 23:23:23 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp

[2010.11.20 14:36:00 | 000,046,080 | ---- | M] () MD5=93C4029DABC19166076BE347283AB969 -- C:\Windows\assembly\GAC_32\napcrypt\6.1.0.0__31bf3856ad364e35\NAPCRYPT.DLL

[2010.11.20 14:36:00 | 000,107,008 | ---- | M] () MD5=E9CFC1884D1E579E82073103827FA62B -- C:\Windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\NAPHLPR.DLL

[2009.07.14 00:04:07 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.config

[2009.07.14 03:25:25 | 000,005,632 | ---- | M] () MD5=608232474C33C71F863B0866E5165C1C -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.dll

[2009.06.10 23:32:22 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config

[2009.07.14 03:26:15 | 000,005,632 | ---- | M] () MD5=2641880E8C12BEE37DDC2813908A2A0F -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRoles.dll

[2009.06.10 23:32:22 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.config

[2009.07.14 03:23:30 | 000,005,632 | ---- | M] () MD5=D6C077082EAA747911C212A9EB64A813 -- C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.dll

[2009.07.14 00:04:07 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.config

[2009.07.14 03:22:54 | 000,005,632 | ---- | M] () MD5=331021DA8B00A9ADCDD54B5782943204 -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.dll

[2009.07.14 00:04:08 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.config

[2009.07.14 03:23:04 | 000,005,632 | ---- | M] () MD5=B3DB67C90DBBB75BFE110A86E951C2EC -- C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.dll

[2012.02.11 01:31:40 | 004,218,880 | ---- | M] () MD5=AEDDFD540E3E6BECDB14C30D1F12B78A -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

[2009.06.10 23:14:51 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config

[2012.02.11 01:31:42 | 001,737,496 | ---- | M] () MD5=DDFBFD8959F32AC0CF3947F36BAC3081 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll

[2010.11.05 03:58:05 | 000,486,400 | ---- | M] () MD5=ED40D020A6A82748394F1653CE324CE4 -- C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

[2010.11.05 03:58:05 | 002,927,616 | ---- | M] () MD5=35CAB7CF3754C41AEB69DCE1D5ACA5A4 -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

[2010.11.05 03:58:08 | 000,258,048 | ---- | M] () MD5=6DB969DF540BC71722848940D180AC08 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

[2010.11.20 06:12:59 | 000,113,664 | ---- | M] () MD5=C865DC05ADE0B41A9E14DD585E0CDF94 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

[2012.02.11 01:31:41 | 000,372,736 | ---- | M] () MD5=A151947AD131A883870A6174CACF423B -- C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll

[2009.06.10 23:23:19 | 000,261,632 | ---- | M] () MD5=5F3F1BF5F5B43293953FC915845910C4 -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

[2011.12.25 22:42:15 | 005,255,168 | ---- | M] () MD5=7D2B8E2CE3EF2DC633689F1E1F4A7504 -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

 

< %SystemRoot%\assembly\GAC_MSIL\*.* /S /MD5 >

[2009.06.10 23:22:40 | 000,010,752 | ---- | M] () MD5=7E8C840853FB6EBD5CC16D3C10C7C127 -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

[2009.06.10 23:22:47 | 000,507,904 | ---- | M] () MD5=11B30A8447A724C6E9FBF6261AC0DA6E -- C:\Windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

[2010.11.05 03:52:35 | 000,165,720 | ---- | M] () MD5=501E961FEEBBDE040FB836CB5DE122C2 -- C:\Windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe

[2009.06.10 23:22:50 | 000,013,312 | ---- | M] () MD5=AAD128271C76C6596E69CFA81D765C2C -- C:\Windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

[2009.06.10 23:22:50 | 000,005,120 | ---- | M] () MD5=BA86FDE9C3B5BD2FF5EA7A99BF648E82 -- C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe

[2010.11.20 14:32:20 | 000,094,208 | ---- | M] () MD5=3AC3967EB34A432332FF4E2D971397E8 -- C:\Windows\assembly\GAC_MSIL\ehCIR\6.1.0.0__31bf3856ad364e35\ehCIR.dll

[2010.11.20 14:32:20 | 000,143,360 | ---- | M] () MD5=7F404ED2BAD3365F1A6452DBE40024FD -- C:\Windows\assembly\GAC_MSIL\ehexthost\6.1.0.0__31bf3856ad364e35\ehexthost.exe

[2009.07.13 23:04:37 | 000,002,274 | ---- | M] () MD5=C343B566A3B8DA7743C30796BE0A54D7 -- C:\Windows\assembly\GAC_MSIL\ehexthost\6.1.0.0__31bf3856ad364e35\ehexthost.exe.config

[2009.07.14 03:20:19 | 000,015,872 | ---- | M] () MD5=8C0473A82FF7D19D19B8F3E120B3BB3A -- C:\Windows\assembly\GAC_MSIL\ehiActivScp\6.1.0.0__31bf3856ad364e35\ehiActivScp.dll

[2009.07.14 03:22:13 | 000,011,776 | ---- | M] () MD5=49D389CC7E7DC17C507F4B5AD6203AD3 -- C:\Windows\assembly\GAC_MSIL\ehiBmlDataCarousel\6.1.0.0__31bf3856ad364e35\ehiBmlDataCarousel.dll

[2009.07.14 03:20:15 | 000,077,824 | ---- | M] () MD5=598383C42098DF7D0FFD61F459B6CBAF -- C:\Windows\assembly\GAC_MSIL\ehiExtens\6.1.0.0__31bf3856ad364e35\ehiExtens.dll

[2009.07.14 03:20:46 | 000,040,960 | ---- | M] () MD5=0DBF6B6DEBD8C1F3F810C17AF4A18CE5 -- C:\Windows\assembly\GAC_MSIL\ehiiTV\6.1.0.0__31bf3856ad364e35\ehiiTV.dll

[2010.11.20 14:32:20 | 000,172,032 | ---- | M] () MD5=3B813FB741DF5CD45EB4EA36AE0F83B3 -- C:\Windows\assembly\GAC_MSIL\ehiProxy\6.1.0.0__31bf3856ad364e35\ehiProxy.dll

[2009.07.14 03:20:56 | 000,086,016 | ---- | M] () MD5=2CC68F809DAF4D4FAC0E66B35A4EB9BE -- C:\Windows\assembly\GAC_MSIL\ehiTVMSMusic\6.1.0.0__31bf3856ad364e35\ehiTVMSMusic.dll

[2009.07.14 03:20:37 | 000,006,144 | ---- | M] () MD5=A924F87D32D7D28D58D3CBDB8B103E6F -- C:\Windows\assembly\GAC_MSIL\ehiUPnP\6.1.0.0__31bf3856ad364e35\ehiUPnP.dll

[2009.07.14 03:20:38 | 000,032,768 | ---- | M] () MD5=62F20E48B43B44D9C6E9B4CF08FB120D -- C:\Windows\assembly\GAC_MSIL\ehiUserXp\6.1.0.0__31bf3856ad364e35\ehiUserXp.dll

[2009.07.14 03:20:51 | 000,335,872 | ---- | M] () MD5=DB2189BF0B4D192F70605F50EC30037B -- C:\Windows\assembly\GAC_MSIL\ehiVidCtl\6.1.0.0__31bf3856ad364e35\ehiVidCtl.dll

[2009.07.14 03:21:00 | 000,143,360 | ---- | M] () MD5=391EF4FF1EF376B4408C0DEFE2041DBF -- C:\Windows\assembly\GAC_MSIL\ehiwmp\6.1.0.0__31bf3856ad364e35\ehiwmp.dll

[2009.07.14 03:22:59 | 000,086,016 | ---- | M] () MD5=82A5798BD1A2FE8678A51CC9CE493F7F -- C:\Windows\assembly\GAC_MSIL\ehiWUapi\6.1.0.0__31bf3856ad364e35\ehiWUapi.dll

[2010.11.20 14:32:21 | 000,196,608 | ---- | M] () MD5=641443B48D34539ED0F58C1FC3A379F0 -- C:\Windows\assembly\GAC_MSIL\ehRecObj\6.1.0.0__31bf3856ad364e35\ehRecObj.dll

[2010.11.20 14:32:21 | 006,307,840 | ---- | M] () MD5=89AFF2261ECF21647B126E596675E302 -- C:\Windows\assembly\GAC_MSIL\ehshell\6.1.0.0__31bf3856ad364e35\ehshell.dll

[2010.11.20 14:19:48 | 000,008,192 | ---- | M] () MD5=D7081D68005C975549685E8BF129794E -- C:\Windows\assembly\GAC_MSIL\EventViewer.Resources\6.1.0.0_en_31bf3856ad364e35\EventViewer.resources.dll

[2010.11.20 14:32:20 | 000,368,640 | ---- | M] () MD5=F046EB4BBFC631D178C6DF20819C1DE5 -- C:\Windows\assembly\GAC_MSIL\EventViewer\6.1.0.0__31bf3856ad364e35\EventViewer.dll

[2009.06.10 23:22:54 | 000,008,192 | ---- | M] () MD5=96D9E7E468D537443DE037A7E15CB804 -- C:\Windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

[2009.06.10 23:22:55 | 000,077,824 | ---- | M] () MD5=AF29AA7F2F613951A9E913B4290B2ECE -- C:\Windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

[2009.06.10 23:22:55 | 000,006,656 | ---- | M] () MD5=D051642D0ED61E2886FD8917E8B6FAFD -- C:\Windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

[2009.07.14 03:23:32 | 000,106,496 | ---- | M] () MD5=967047584598B8EA09A742328872C06D -- C:\Windows\assembly\GAC_MSIL\loadmxf\6.1.0.0__31bf3856ad364e35\loadmxf.exe

[2010.11.20 14:32:22 | 000,942,080 | ---- | M] () MD5=95738FEDB3C23753C20CBCF7D772E259 -- C:\Windows\assembly\GAC_MSIL\mcepg\6.1.0.0__31bf3856ad364e35\mcepg.dll

[2009.07.14 03:19:48 | 000,053,248 | ---- | M] () MD5=F499B89A60548AF6B4E8EE715C6599B0 -- C:\Windows\assembly\GAC_MSIL\MCESidebarCtrl\6.1.0.0__31bf3856ad364e35\MCESidebarCtrl.dll

[2010.11.20 14:32:22 | 000,122,880 | ---- | M] () MD5=8E8ADA64942CF38625A557C026059AC3 -- C:\Windows\assembly\GAC_MSIL\mcglidhostobj\6.1.0.0__31bf3856ad364e35\mcglidhostobj.dll

[2010.11.20 14:32:22 | 000,171,520 | ---- | M] () MD5=C6FB5599850922CE6B440899C078A2CF -- C:\Windows\assembly\GAC_MSIL\mcplayerinterop\6.1.0.0__31bf3856ad364e35\mcplayerinterop.dll

[2010.11.20 14:32:22 | 000,638,976 | ---- | M] () MD5=F338EC894AA0CE005156B4AB2FF77CCC -- C:\Windows\assembly\GAC_MSIL\mcstore\6.1.0.0__31bf3856ad364e35\mcstore.dll

[2009.07.14 04:12:50 | 000,007,168 | ---- | M] () MD5=FCA8AC8ABBCE37458663CCA33E7F71F7 -- C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.resources.dll

[2009.07.14 03:20:28 | 000,057,344 | ---- | M] () MD5=D16F569EB4264641241465BEFA107BD0 -- C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll

[2009.06.10 23:14:36 | 000,106,496 | ---- | M] () MD5=550E75434C424A17A1E06669D8335C26 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll

[2010.11.05 03:57:44 | 000,348,160 | ---- | M] () MD5=24FDCD95121E59D39DCB1585EC8C5901 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

[2010.11.05 03:53:30 | 000,733,184 | ---- | M] () MD5=DC6476726F4A15BF5BC8CF2C235B17C6 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

[2010.11.05 03:57:44 | 000,036,864 | ---- | M] () MD5=4B177641BEBC8965220EC474D65981A3 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

[2009.06.10 23:14:40 | 000,036,864 | ---- | M] () MD5=80F89EC03B39E5A6700C9CA5A5545230 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

[2010.11.05 03:53:36 | 000,802,816 | ---- | M] () MD5=9EBE67131D1776B86410B56FFC95A5BF -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll

[2010.11.05 03:57:45 | 000,655,360 | ---- | M] () MD5=5B5AEB3CEB1FC6D77E57821E6A42DE72 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

[2010.11.05 03:53:30 | 000,094,208 | ---- | M] () MD5=B6EF0B4C1898D03FC7814B890FCE9B72 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll

[2010.11.05 03:57:45 | 000,077,824 | ---- | M] () MD5=D7A537839EAB83BAD8F3C053098198E8 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

[2009.07.14 04:13:02 | 000,036,864 | ---- | M] () MD5=3576E621125C0ECE94313B85CCE6F8B6 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Ink.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.Ink.Resources.dll

[2009.06.10 23:23:03 | 000,749,568 | ---- | M] () MD5=3CF65928E67E362D5B25424EBCC27B12 -- C:\Windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

[2009.07.14 04:13:00 | 000,016,384 | ---- | M] () MD5=4D9D34F0204D5DF8EF1DBBD704735EEB -- C:\Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole.Resources\3.0.0.0_en_31bf3856ad364e35\Microsoft.ManagementConsole.Resources.dll

[2009.07.14 03:21:42 | 000,188,416 | ---- | M] () MD5=F8B72BFD1D8C36E1A2C98E25C9CF2504 -- C:\Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole\3.0.0.0__31bf3856ad364e35\Microsoft.ManagementConsole.dll

[2009.07.14 03:22:44 | 001,159,168 | ---- | M] () MD5=2D994989944FA2E9D2AD7450953523A9 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Bml\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Bml.dll

[2009.07.14 03:22:09 | 000,024,576 | ---- | M] () MD5=97D4AC2BAD43C5D5C8C42EDB71B2E532 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.iTv.Hosting\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTv.Hosting.dll

[2010.11.20 14:35:58 | 000,086,016 | ---- | M] () MD5=083B692697B5974B0A5ED59BF4D3147C -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.iTV\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.dll

[2010.11.20 14:35:58 | 000,045,056 | ---- | M] () MD5=A9D673D4B371B9D918875386640113BA -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.ITVVM\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.ITVVM.dll

[2010.11.20 14:35:58 | 001,572,864 | ---- | M] () MD5=0CFCDCFB9D28CE7AFC3F1823250ABE71 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll

[2010.11.20 14:35:58 | 000,241,664 | ---- | M] () MD5=3E1A7D201A38D73F14FFE90909B38A86 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Sports\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Sports.dll

[2010.11.20 14:35:59 | 002,596,864 | ---- | M] () MD5=732807787D6FA99791370D934360AE4C -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll

[2010.11.20 14:35:59 | 000,385,024 | ---- | M] () MD5=2F4797433A371756FE937CE802C2F313 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.dll

[2009.07.14 04:13:04 | 000,010,752 | ---- | M] () MD5=65B27C38DBD68EFEC636665FDBF4D1FF -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.resources.dll

[2010.11.20 14:35:58 | 000,102,400 | ---- | M] () MD5=2E86EDB34D366FCC9425B1A4654FC543 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll

[2009.07.14 04:13:06 | 000,036,864 | ---- | M] () MD5=10C9C4380C4B403B95D757C4517AFD5B -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dll

[2010.11.20 14:35:58 | 000,290,816 | ---- | M] () MD5=33C0200ED261F9738AB90A58C97E2E52 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll

[2010.11.20 14:19:49 | 000,049,152 | ---- | M] () MD5=28AF2A12179398B90A6F18E451010209 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dll

[2010.11.20 14:35:59 | 000,667,648 | ---- | M] () MD5=C23ACC08CB8049A8DDC7D8CD84280096 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll

[2010.11.20 14:19:49 | 000,040,960 | ---- | M] () MD5=42CDE70A57616C7D54694E881C5F84A9 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll

[2009.07.14 03:23:47 | 000,200,704 | ---- | M] () MD5=61408B3CF77B787A753B6F4F4A6840B1 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll

[2009.07.14 04:13:04 | 000,069,632 | ---- | M] () MD5=DF60F16CB3FA971EBD1CB6B1FA346AF6 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Editor.Resources.dll

[2010.11.20 14:35:59 | 000,991,232 | ---- | M] () MD5=7E6557381C8CF162A4ED0D9A581F870B -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Editor.dll

[2009.07.14 04:13:06 | 000,040,960 | ---- | M] () MD5=41888D6ED40E49C4DAED8E412BB18B90 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Gpowershell.resources.dll

[2009.07.14 03:22:04 | 000,651,264 | ---- | M] () MD5=E66B1EEE2AB24DE9F3D5189A1FC8D4BF -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.dll

[2009.07.14 04:13:06 | 000,016,896 | ---- | M] () MD5=E848EEBF463086883E026AAD11C24F1A -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.Resources.dll

[2009.07.14 03:20:38 | 000,278,528 | ---- | M] () MD5=3EAB4DBDC290EDC4D53FE77F1FDB9E59 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.dll

[2009.07.14 04:11:48 | 000,009,216 | ---- | M] () MD5=462D0B841E939094840CFA61C990410F -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll

[2010.11.20 14:35:58 | 000,077,824 | ---- | M] () MD5=B1282FC909517D890C61F7F3313134EF -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll

[2009.07.14 04:13:06 | 000,073,728 | ---- | M] () MD5=67F68317A9F346A32039F9651C7EAC46 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Tpm.Resources\6.1.0.0_en_31bf3856ad364e35\microsoft.tpm.resources.dll

[2009.07.14 03:24:19 | 000,192,512 | ---- | M] () MD5=466761E68D1AAED81DFD5E43B168D2F0 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Tpm\6.1.0.0__31bf3856ad364e35\Microsoft.Tpm.dll

[2009.06.10 23:14:03 | 000,397,312 | ---- | M] () MD5=130FF58B6245F78097E7619EFB61CDD2 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

[2009.06.10 23:23:03 | 000,110,592 | ---- | M] () MD5=A070FD9509392CEB84A3ED8F8A42A504 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

[2010.11.05 03:57:46 | 000,372,736 | ---- | M] () MD5=B424A0AF636B1D3DAE3A664285EF9795 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

[2009.06.10 23:23:04 | 000,028,672 | ---- | M] () MD5=A5B5F03020C0A01276801CF2C807FF8C -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

[2010.11.05 03:57:46 | 000,610,304 | ---- | M] () MD5=DF1F3AFE18D254F759BB1A000B811C15 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

[2009.06.10 23:14:40 | 000,041,984 | ---- | M] () MD5=DD26812B72AF01116F7A1DDD4FA21E49 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll

[2009.06.10 23:23:04 | 000,005,632 | ---- | M] () MD5=BBAEF0C6E310A25D3BCCAA2ADC538F82 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

[2009.06.10 23:23:04 | 000,012,800 | ---- | M] () MD5=71C2F1A0F8FFD6D017F039AC023DE81C -- C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

[2009.06.10 23:23:04 | 000,032,768 | ---- | M] () MD5=45F2E4914DDCDA6F468D99FAA91911F2 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

[2009.07.14 04:13:08 | 000,004,096 | ---- | M] () MD5=04D3E891B3256A1EBD36FA7B6F984920 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.resources.dll

[2009.07.14 03:25:15 | 000,009,728 | ---- | M] () MD5=96F718F03F4D8782D7EB11954AC0E914 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.GetDiagInput\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.dll

[2009.07.14 04:13:08 | 000,004,096 | ---- | M] () MD5=ADD629AFA64864C8519B2485F6F61554 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.resources.dll

[2009.07.14 03:26:39 | 000,010,752 | ---- | M] () MD5=78EF40CE03E23CB6702391D919F95436 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.dll

[2009.07.14 04:13:08 | 000,004,096 | ---- | M] () MD5=84AA3A80B726C6DCCDAA38A879862D6D -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.resources.dll

[2009.07.14 03:25:40 | 000,009,216 | ---- | M] () MD5=EE5B0505F2E8E8305748DD270A7AD929 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.dll

[2009.07.14 04:13:08 | 000,004,096 | ---- | M] () MD5=BEBFDDCB2DB36E9302A4358878C8CFD4 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.resources.dll

[2009.07.14 03:25:32 | 000,008,192 | ---- | M] () MD5=7FBCA94271448B41DB000C98C9615312 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.dll

[2010.11.20 14:19:49 | 000,004,096 | ---- | M] () MD5=B8E015AD059FFAFCE9CB40DF775B11E0 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.SDHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDHost.resources.dll

[2009.07.14 03:25:35 | 000,024,576 | ---- | M] () MD5=915BBFA6BBF105C0C51398A3398D19CB -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.SDHost\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDHost.dll

[2009.07.14 04:13:08 | 000,006,656 | ---- | M] () MD5=FC66A5034B5B6A7C09FCE86C47BBF4ED -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.resources.dll

[2009.07.14 03:26:37 | 000,049,152 | ---- | M] () MD5=4BB0FF1D72803CC075D92CE2FBDCA2B3 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll

[2010.11.20 14:19:49 | 000,013,824 | ---- | M] () MD5=C58C7003380F76221AB9B5BBB4AE4452 -- C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll

[2010.11.20 14:36:00 | 000,286,720 | ---- | M] () MD5=64C192235DF8F704412F0D66BAF5C1B1 -- C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll

[2009.07.14 03:22:00 | 000,007,168 | ---- | M] () MD5=D5F86545FAF811ED2CCF3C6117B0EC44 -- C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll

[2009.06.10 23:23:04 | 000,007,168 | ---- | M] () MD5=E5640EF09DA87B03E78F18F850CFF728 -- C:\Windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

[2009.07.14 04:13:12 | 001,552,384 | ---- | M] () MD5=5D85FA66189E6832466C8DEE97CA8C3F -- C:\Windows\assembly\GAC_MSIL\MiguiControls.Resources\1.0.0.0_en_31bf3856ad364e35\MIGUIControls.resources.dll

[2010.11.20 14:36:00 | 003,416,064 | ---- | M] () MD5=CD35B1936F50990D1FCEAE31E2D1553F -- C:\Windows\assembly\GAC_MSIL\MiguiControls\1.0.0.0__31bf3856ad364e35\MIGUIControls.dll

[2010.11.20 14:19:49 | 000,036,864 | ---- | M] () MD5=E5956455F8A07B174CF146247EC6315E -- C:\Windows\assembly\GAC_MSIL\MMCEx.Resources\3.0.0.0_en_31bf3856ad364e35\MMCEx.Resources.dll

[2009.07.14 03:26:50 | 000,421,888 | ---- | M] () MD5=A9D4275CE5EA165C267AE05A6821CB54 -- C:\Windows\assembly\GAC_MSIL\MMCEx\3.0.0.0__31bf3856ad364e35\MMCEx.dll

[2010.11.20 14:19:49 | 000,004,096 | ---- | M] () MD5=930887F063E075C31E38E435F9C3D94C -- C:\Windows\assembly\GAC_MSIL\MMCFxCommon.Resources\3.0.0.0_en_31bf3856ad364e35\MMCFxCommon.Resources.dll

[2009.07.14 03:26:07 | 000,110,592 | ---- | M] () MD5=E72BF459A519312B4FF7F3FA8A85BA13 -- C:\Windows\assembly\GAC_MSIL\MMCFxCommon\3.0.0.0__31bf3856ad364e35\MMCFxCommon.dll

[2010.11.20 14:19:49 | 000,049,152 | ---- | M] () MD5=B0F301AA13B7E4F227F6964856739530 -- C:\Windows\assembly\GAC_MSIL\napinit.resources\6.1.0.0_en_31bf3856ad364e35\napinit.Resources.dll

[2009.07.14 03:22:44 | 000,073,728 | ---- | M] () MD5=0E2E919A5255D305CF1B3AE9B9D452F1 -- C:\Windows\assembly\GAC_MSIL\napinit\6.1.0.0__31bf3856ad364e35\NAPINIT.DLL

[2009.07.14 04:12:16 | 000,233,472 | ---- | M] () MD5=804C49310D2EA3B1A2E3809CE3C93B47 -- C:\Windows\assembly\GAC_MSIL\napsnap.resources\6.1.0.0_en_31bf3856ad364e35\napsnap.resources.dll

[2009.07.14 03:25:01 | 000,454,656 | ---- | M] () MD5=FC35785CC6FD225A4E504A23DE13D085 -- C:\Windows\assembly\GAC_MSIL\napsnap\6.1.0.0__31bf3856ad364e35\NAPSNAP.DLL

[2010.11.20 14:36:00 | 001,077,248 | ---- | M] () MD5=95DE3CF54E0A360EED766DBDDF152F0D -- C:\Windows\assembly\GAC_MSIL\Narrator\6.1.0.0__31bf3856ad364e35\Narrator.exe

[2011.08.24 01:56:53 | 000,000,815 | ---- | M] () MD5=0A33273323603FCBD8DDD74758163161 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.ehRecObj\6.1.0.0__31bf3856ad364e35\Policy.6.0.ehRecObj.config

[2011.08.24 01:56:53 | 000,005,632 | ---- | M] () MD5=841736FAB112AC493646E4399E684D38 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.ehRecObj\6.1.0.0__31bf3856ad364e35\Policy.6.0.ehRecObj.dll

[2011.08.24 01:56:53 | 000,000,831 | ---- | M] () MD5=A9C1035129544B3867E06A8F02874FE4 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.UI.config

[2011.08.24 01:56:53 | 000,005,632 | ---- | M] () MD5=1A49D09BD80C023A771214DA826FF6B6 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.UI.dll

[2011.08.24 01:56:53 | 000,000,828 | ---- | M] () MD5=52B88C0916FAFF34E0174CD718980AC4 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.config

[2011.08.24 01:56:53 | 000,005,632 | ---- | M] () MD5=0C8F794B0C057EB421569A4E5B8E98C5 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.dll

[2010.11.05 03:53:21 | 000,598,016 | ---- | M] () MD5=AEFD96A1A087027A7EDC21F83F1B4727 -- C:\Windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll

[2009.06.10 23:14:50 | 000,032,768 | ---- | M] () MD5=24F02A6A94DC8AE6F2ACDA7950CBEEB3 -- C:\Windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll

[2009.06.10 23:14:51 | 000,042,856 | ---- | M] () MD5=E56F39F6B7FDA0AC77A79B0FD3DE1A2F -- C:\Windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe

[2009.06.10 23:14:43 | 000,196,608 | ---- | M] () MD5=C9DF30B6F5D99C8147C528528B9CC498 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

[2009.06.10 23:14:44 | 000,139,264 | ---- | M] () MD5=98F2493B40E00061B4A4369E63790293 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

[2010.11.05 03:53:23 | 000,397,312 | ---- | M] () MD5=4E9FDA223530F931AC1F03ABB58E4DA5 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

[2009.06.10 23:14:44 | 000,163,840 | ---- | M] () MD5=13E8EC241CA1402C923DF3A1DA9CAF70 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

[2012.02.11 01:31:41 | 005,283,840 | ---- | M] () MD5=530DFD580E4C341B267ED4E2A56B8233 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll

[2009.06.10 23:14:52 | 000,864,256 | ---- | M] () MD5=0F8242348EBA698FF93193A6BDC55362 -- C:\Windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll

[2012.02.11 01:31:41 | 000,532,480 | ---- | M] () MD5=93CF6C96CDBFC1834A28F835B769E8BA -- C:\Windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll

[2009.06.10 23:15:18 | 000,005,632 | ---- | M] () MD5=AA7004ABA8C37DDCA200E16F1570EF62 -- C:\Windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll

[2010.11.05 03:52:39 | 000,110,592 | ---- | M] () MD5=6F145DEF09821EB6614C501430CB838C -- C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll

[2010.11.05 03:52:39 | 000,128,848 | ---- | M] () MD5=F476EC40033CDB91EFBE73EB99B8362D -- C:\Windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe

[2009.07.14 03:25:09 | 000,086,016 | ---- | M] () MD5=46107610B0BDFA104BDF859664DB1654 -- C:\Windows\assembly\GAC_MSIL\SonicMCEBurnEngine\6.1.0.0__31bf3856ad364e35\SonicMCEBurnEngine.dll

[2009.06.10 23:23:17 | 000,110,592 | ---- | M] () MD5=3C8AF820562CC8E3A1CF82650518F66C -- C:\Windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

[2010.11.05 03:53:30 | 000,045,056 | ---- | M] () MD5=6D593E9AE74E39A62F8184515B27DF28 -- C:\Windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

[2012.01.04 04:50:53 | 000,163,840 | ---- | M] () MD5=C2EC2AD05B97F9124399E1DA1D1386C2 -- C:\Windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll

[2010.11.05 03:53:30 | 000,057,344 | ---- | M] () MD5=27E76A55FA5C3586297C2D42986304AC -- C:\Windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

[2010.11.05 03:58:04 | 000,081,920 | ---- | M] () MD5=ED2D3B032733BFC7A68FCE05BC7F93B4 -- C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

[2010.11.05 03:58:04 | 000,425,984 | ---- | M] () MD5=5A7A33F7F9DFC0C0A8B8E000F4D9D898 -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

[2010.11.05 03:53:30 | 000,667,648 | ---- | M] () MD5=FC114C6C8AB34F1A357069AD3E4477F8 -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll

[2010.11.05 03:53:31 | 000,053,248 | ---- | M] () MD5=82D34DEB3105E63981A0306B03C10A07 -- C:\Windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

[2010.11.05 03:53:31 | 000,229,376 | ---- | M] () MD5=02B81AAEB463E966372AF6A1C0B6038E -- C:\Windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll

[2010.11.05 03:53:31 | 002,879,488 | ---- | M] () MD5=EEDCBC7607D2852BBF74409B49A8D1C1 -- C:\Windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll

[2010.11.05 03:53:31 | 000,684,032 | ---- | M] () MD5=8AB40EB71BB5D5F4641AA5895712B981 -- C:\Windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll

[2010.11.05 03:53:32 | 000,462,848 | ---- | M] () MD5=606ACF1553423BFDD3CABEBA3DF264B9 -- C:\Windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll

[2010.11.05 03:53:32 | 000,163,840 | ---- | M] () MD5=0ACA904F87E674CF3CB6746D9D3AB321 -- C:\Windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll

[2010.11.05 03:53:32 | 000,692,224 | ---- | M] () MD5=4BA482E447D6096E8D4348AAE306CE1B -- C:\Windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll

[2010.11.05 03:58:05 | 000,745,472 | ---- | M] () MD5=800484A3335EACDAA9600120385CCBDC -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

[2010.11.05 03:58:05 | 000,970,752 | ---- | M] () MD5=418EC83A2FC441A3D40F3FDCDA851392 -- C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

[2012.03.22 00:32:36 | 004,927,488 | ---- | M] () MD5=93B68EBA6B5BB6AC877441C8BE9E40C0 -- C:\Windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

[2010.11.05 03:53:32 | 000,290,816 | ---- | M] () MD5=CD86BDCB5E115635E6AB7DFE77FC1D11 -- C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

[2009.06.10 23:23:18 | 000,188,416 | ---- | M] () MD5=EE1DCDAA3EA8F53DA56116875CD01653 -- C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

[2010.11.05 03:58:06 | 000,401,408 | ---- | M] () MD5=AF1F47FBADABB9134002359970F5FD1C -- C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

[2009.06.10 23:23:18 | 000,081,920 | ---- | M] () MD5=D195A195E3D16A867FD4382D786313B8 -- C:\Windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

[2012.04.24 00:35:09 | 000,630,784 | ---- | M] () MD5=1312BDEE8EC4F13CBB25BDBB359768A0 -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

[2010.11.05 03:52:27 | 000,126,976 | ---- | M] () MD5=DF7FEE2563BF2D59926B786FBF636510 -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

[2010.11.05 03:52:27 | 000,442,368 | ---- | M] () MD5=9638C20A92962CAFC45E8F48AE6238F5 -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll

[2009.06.10 23:13:54 | 000,131,072 | ---- | M] () MD5=AC45DB17E166ECEBD320D4FA2820C1B6 -- C:\Windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

[2010.11.20 14:19:49 | 000,253,952 | ---- | M] () MD5=53998D919FABB0F5EF2BD7C38533D2B7 -- C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.Resources.dll

[2010.11.20 14:36:01 | 003,010,560 | ---- | M] () MD5=4214698AD147EA8E83CC0E7DCF883DB3 -- C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll

[2010.11.05 03:53:32 | 000,143,360 | ---- | M] () MD5=BCD4761D6E2290B490498126C67A35D0 -- C:\Windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

[2010.11.05 03:58:09 | 000,385,024 | ---- | M] () MD5=52C875E8F96E4F9E69914A538C129C6E -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

[2010.11.05 03:58:09 | 000,258,048 | ---- | M] () MD5=3035497DE3B9208633BC7F3604D781FB -- C:\Windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

[2010.11.05 03:53:32 | 000,237,568 | ---- | M] () MD5=74446FB0C54CB43A279E735F9C335752 -- C:\Windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll

[2010.11.05 03:58:10 | 000,303,104 | ---- | M] () MD5=1D4DA021B0AD837B35AFB772CC7C636D -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () MD5=C9781DA4EE6A5BBAE271CC0AC4B25D7C -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

[2010.11.05 03:52:27 | 000,970,752 | ---- | M] () MD5=01D4E1005C901889517EED7F438DB501 -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

[2010.11.05 03:58:10 | 000,258,048 | ---- | M] () MD5=A15491BE2D672FCDBFEB250E9594D7ED -- C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

[2010.11.05 03:52:40 | 000,073,728 | ---- | M] () MD5=4E0883AF9D5B4F2AAFD19F6663CBAF5F -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll

[2010.11.05 03:52:41 | 000,032,768 | ---- | M] () MD5=9A9827B4F896F40607DF8103B9C438C0 -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll

[2010.11.05 03:52:44 | 000,569,344 | ---- | M] () MD5=EA5213E7090668C917EEB947FDC3CD46 -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll

[2010.11.05 03:52:30 | 005,988,352 | ---- | M] () MD5=196D093057DE9D765FF8DDFA24215D3B -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll

[2010.11.05 03:58:10 | 000,114,688 | ---- | M] () MD5=F68CAFF425A9F37E498193BDDC5CC652 -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

[2009.06.10 23:14:45 | 000,688,128 | ---- | M] () MD5=31588B867657A7DF046AC1908550D73C -- C:\Windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll

[2010.11.05 03:53:32 | 000,077,824 | ---- | M] () MD5=DE8831D65E92BC50304F37CC75EC31D5 -- C:\Windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll

[2010.11.05 03:53:32 | 000,032,768 | ---- | M] () MD5=4A1EF32D7C394D8400870C73B40CA2A4 -- C:\Windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll

[2010.11.05 03:53:32 | 000,229,376 | ---- | M] () MD5=054F8B86C1258EDDB833A38B54155CF7 -- C:\Windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll

[2010.11.05 03:53:32 | 000,131,072 | ---- | M] () MD5=A282147F21B0DB24DB3B3566E828A8AE -- C:\Windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll

[2010.11.05 03:53:33 | 000,139,264 | ---- | M] () MD5=A5722B31B8454EE1CC50753C93CFDB4E -- C:\Windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll

[2010.11.05 03:53:33 | 000,335,872 | ---- | M] () MD5=C935E89C6F71F188282632F35A04D0C1 -- C:\Windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll

[2011.12.25 22:42:15 | 001,277,952 | ---- | M] () MD5=58AD1FECFBAEE633D6326377D8E0982E -- C:\Windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

[2010.11.05 03:58:11 | 000,835,584 | ---- | M] () MD5=18FDA35C607C486C0D5B91D7DD06CD17 -- C:\Windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

[2009.06.10 23:23:20 | 000,077,824 | ---- | M] () MD5=1CDB3B55F1330F85A674B0B5927399F4 -- C:\Windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

[2010.11.05 03:53:33 | 000,061,440 | ---- | M] () MD5=6D138BD2348457A5097F2772C78FE094 -- C:\Windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll

[2010.11.05 03:58:12 | 000,839,680 | ---- | M] () MD5=8C0B098B41A27B08D58CAE7A61A3BA19 -- C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

[2012.03.22 00:32:36 | 005,025,792 | ---- | M] () MD5=68CE18072E9CDFE63DD2E083868C7433 -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

[2009.06.10 23:15:18 | 000,012,288 | ---- | M] () MD5=1CCEE8037C8EF9A08DD0ADB7E3E38D78 -- C:\Windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll

[2010.11.05 03:53:45 | 001,142,784 | ---- | M] () MD5=A422312AE61E44B166FAC615786296A1 -- C:\Windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll

[2010.11.05 03:53:46 | 001,630,208 | ---- | M] () MD5=BD0B0F768E7E74C5CD7A34B8B4BCC81D -- C:\Windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll

[2010.11.05 03:53:46 | 000,540,672 | ---- | M] () MD5=32FF0E945F51F5147A8304026B5C19EA -- C:\Windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll

[2010.11.05 03:52:45 | 000,507,904 | ---- | M] () MD5=CC3B424ED10A8E477B5D466188531F26 -- C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll

[2010.11.05 03:53:34 | 000,139,264 | ---- | M] () MD5=EF6CEBC989FBDAEEB83E5662F1499FC0 -- C:\Windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll

[2010.11.05 03:58:14 | 002,048,000 | ---- | M] () MD5=5B3FA17E1CD6FBBDF41AC34DAEECC256 -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

[2012.01.04 04:51:03 | 003,190,784 | ---- | M] () MD5=5259AD96BE93F3DC9B649759DAC05B7A -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

[2009.07.14 04:12:46 | 000,007,168 | ---- | M] () MD5=ABBF43F681EF160CAAB7C41BC289DA06 -- C:\Windows\assembly\GAC_MSIL\TaskScheduler.Resources\6.1.0.0_en_31bf3856ad364e35\TaskScheduler.resources.dll

[2010.11.20 14:36:00 | 000,167,936 | ---- | M] () MD5=1D264989FFABEF36745304F5DD216DC7 -- C:\Windows\assembly\GAC_MSIL\TaskScheduler\6.1.0.0__31bf3856ad364e35\TaskScheduler.dll

[2009.06.10 23:14:45 | 000,172,032 | ---- | M] () MD5=3F47DB8D603A84FBF1154901AAC177CD -- C:\Windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

[2009.06.10 23:14:46 | 000,380,928 | ---- | M] () MD5=32D7B8CC805D2DA70D01DA89982DCE1D -- C:\Windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

[2009.06.10 23:14:46 | 000,040,960 | ---- | M] () MD5=0D2A84FF4383B4F41EDA8B4DE2D45D6C -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

[2009.06.10 23:14:46 | 000,098,304 | ---- | M] () MD5=62DF8C1D169752DF885E44D21309F7E6 -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

[2012.02.11 01:31:42 | 001,253,376 | ---- | M] () MD5=9F668404AB36B97B0FF5C4B140A1F1FE -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll

[2009.06.10 23:14:47 | 000,094,208 | ---- | M] () MD5=D9673C241B14E5526A81B3ABAD3FD3BA -- C:\Windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

[2010.11.05 03:52:42 | 000,149,328 | ---- | M] () MD5=8AB248DD85018CC3232D2F20E45A30E7 -- C:\Windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe

 

< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes /s >

"DefaultScope" = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

"DownloadRetries" = 0

"DownloadUpdates" = 1

"Version" = 3

"UpgradeTime" = 74 17 5B A1 CE 53 CD 01 [binary data]

"KnownProvidersUpgradeTime" = ED E4 A3 A0 CE 53 CD 01 [binary data]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

"Deleted" = 1

"TopResultURLFallback" = http://www.bing.com/search?q={searchTerms}&src=ie9tr

"SuggestionsURLFallback" = http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}

"FaviconURLFallback" = http://www.bing.com/favicon.ico

"FaviconPath" = C:\Users\LittleJimmy\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico -- [2012.06.26 21:05:18 | 000,000,894 | ---- | M] ()

"DisplayName" = Bing

"URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]

"DisplayName" = Search the web (Babylon)

"URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100489&mntrId=e0af1b0f00000000000000ff71aad347

"SuggestionsURLFallback" = http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{353944CD-FBDB-4A6B-813F-AA90F0065496}]

"DisplayName" = Bing

"URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox

"ShowSearchSuggestions" = 1

"SuggestionsURL" = http://api.bing.com/qsml.aspx?query={searchTerms}&market={Language}&form=IE8SSC&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}

"Codepage" = 65001

"OSDFileURL" = file:///C:/Users/LITTLE~1/AppData/Local/Temp/DM8F34.tmp

"FaviconURL" = http://www.bing.com/favicon.ico

"FaviconPath" = C:\Users\LittleJimmy\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{353944CD-FBDB-4A6B-813F-AA90F0065496}.ico -- [2012.06.26 20:56:21 | 000,000,894 | ---- | M] ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]

"DisplayName" =

"URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes /s >

"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

"" = Bing

"URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

"DisplayName" = @ieframe.dll,-12512

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]

"DisplayName" =

"URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

 

< HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >

"" = MruPidlList

[HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >

"" = MruPidlList

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

< type c:\diskreport.txt /c >

Microsoft DiskPart version 6.1.7601

Copyright © 1999-2008 Microsoft Corporation.

On computer: JIMMY

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

Volume 0 F NFSMW_DISC1 CDFS DVD-ROM 671 MB Healthy

Volume 1 G DVD-ROM 0 B No Media

Volume 2 H DVD-ROM 0 B No Media

Volume 3 C NTFS Partition 189 GB Healthy System

Volume 4 D NTFS Partition 406 GB Healthy

 

< MD5 for: AFD.SYS >

[2011.04.25 04:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys

[2010.11.20 10:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys

[2011.04.25 04:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys

[2011.04.25 04:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys

[2011.04.25 04:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys

[2011.04.25 05:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys

[2009.07.14 01:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys

 

< MD5 for: ATAPI.SYS >

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 

< MD5 for: CSC.SYS >

[2009.07.14 01:15:13 | 000,387,584 | ---- | M] (Microsoft Corporation) MD5=27C9490BDD0AE48911AB8CF1932591ED -- C:\Windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7600.16385_none_9e1e9f0abd3adf87\csc.sys

[2010.11.20 10:44:36 | 000,388,096 | ---- | M] (Microsoft Corporation) MD5=3C2177A897B4CA2788C6FB0C3FD81D4B -- C:\Windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7601.17514_none_a04fb2d2ba296321\csc.sys

 

< MD5 for: DFSC.SYS >

[2011.04.27 04:33:46 | 000,078,336 | ---- | M] (Microsoft Corporation) MD5=83D1ECEA8FAAE75604C0FA49AC7AD996 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16804_none_87c60c95472f7333\dfsc.sys

[2011.04.27 04:24:42 | 000,078,336 | ---- | M] (Microsoft Corporation) MD5=886E8C1608146CC355DDD455F5C8DD87 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.20953_none_8818997a6076855b\dfsc.sys

[2009.07.14 01:14:17 | 000,078,336 | ---- | M] (Microsoft Corporation) MD5=8E09E52EE2E3CEB199EF3DD99CF9E3FB -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_87708401476f7a4f\dfsc.sys

[2010.11.20 10:42:32 | 000,078,336 | ---- | M] (Microsoft Corporation) MD5=F024449C97EC1E464AAFFDA18593DB88 -- C:\Windows\System32\drivers\dfsc.sys

[2010.11.20 10:42:32 | 000,078,336 | ---- | M] (Microsoft Corporation) MD5=F024449C97EC1E464AAFFDA18593DB88 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7601.17514_none_89a197c9445dfde9\dfsc.sys

 

< MD5 for: DISK.SYS >

[2009.07.14 03:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys

[2009.07.14 03:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys

[2009.07.14 03:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

 

< MD5 for: EXPLORER.EXE >

[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe

[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe

[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe

[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

 

< MD5 for: I8042PRT.SYS >

[2009.07.14 01:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\drivers\i8042prt.sys

[2009.07.14 01:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_50ad659974198591\i8042prt.sys

[2009.07.14 01:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_x86_neutral_7a9084e0177406eb\i8042prt.sys

[2009.07.14 01:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_9724c3fc3a4c81ef\i8042prt.sys

[2009.07.14 01:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_9955d7c4373b0589\i8042prt.sys

[2009.07.14 01:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_4e0a61a033aec8c3\i8042prt.sys

 

< MD5 for: IASTOR.SYS >

[2011.05.20 19:43:02 | 000,461,592 | ---- | M] (Intel Corporation) MD5=DB81F413FA4E3F328CAD7B5D59EF3F21 -- C:\Windows\System32\drivers\iaStor.sys

[2011.05.20 19:43:02 | 000,461,592 | ---- | M] (Intel Corporation) MD5=DB81F413FA4E3F328CAD7B5D59EF3F21 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_5617f4bb31b97c4d\iaStor.sys

 

< MD5 for: LSASS.EXE >

[2011.11.17 09:09:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=05F38CB7CAB3CE8E9A1812D517DA93EF -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\lsass.exe

[2011.11.17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\erdnt\cache\lsass.exe

[2011.11.17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\System32\lsass.exe

[2011.11.17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe

[2011.11.17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\lsass.exe

[2012.06.02 06:40:31 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=A6034689ACF9D14973F8384AD5A5451E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21225_none_a6eb42a4d70be51e\lsass.exe

[2011.11.17 07:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\lsass.exe

[2011.11.17 07:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_a656d407bdf6641e\lsass.exe

[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe

[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe

[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe

[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe

[2012.06.02 06:51:22 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FA7B950E4CA6AA260C4EABA19E03644D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_a8d76e24d42eb666\lsass.exe

[2011.11.17 07:24:04 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FBCB2DFA40862DAA7B1534C9538208A5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe

 

< MD5 for: NETBT.SYS >

[2010.11.20 10:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\System32\drivers\netbt.sys

[2010.11.20 10:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys

[2009.07.14 01:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=DD52A733BF4CA5AF84562A5E2F963B91 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys

 

< MD5 for: SERIAL.SYS >

[2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=5FB7FCEA0490D821F26F39CC5EA3D1E2 -- C:\Windows\System32\drivers\serial.sys

[2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=5FB7FCEA0490D821F26F39CC5EA3D1E2 -- C:\Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys

[2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=5FB7FCEA0490D821F26F39CC5EA3D1E2 -- C:\Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys

 

< MD5 for: SVCHOST.EXE >

[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe

[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe

[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

 

< MD5 for: TCPIP.SYS >

[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d cpip.sys

[2011.06.21 07:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466 cpip.sys

[2011.09.29 18:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1 cpip.sys

[2011.04.25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0 cpip.sys

[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667 cpip.sys

[2010.11.20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01 cpip.sys

[2011.09.29 18:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566 cpip.sys

[2012.03.30 12:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8 cpip.sys

[2011.09.29 17:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86 cpip.sys

[2011.09.29 18:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5 cpip.sys

[2011.04.25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444 cpip.sys

[2012.03.30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\erdnt\cache cpip.sys

[2012.03.30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\System32\drivers cpip.sys

[2012.03.30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7 cpip.sys

[2011.04.25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5 cpip.sys

[2012.03.30 11:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104 cpip.sys

[2011.06.21 07:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0 cpip.sys

[2011.06.21 07:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1 cpip.sys

[2011.06.21 08:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6 cpip.sys

[2012.03.30 12:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871 cpip.sys

 

< MD5 for: USERINIT.EXE >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 

< MD5 for: VOLSNAP.SYS >

[2009.07.14 03:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys

[2010.11.20 14:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys

[2010.11.20 14:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys

[2010.11.20 14:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

 

< MD5 for: WININIT.EXE >

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\erdnt\cache\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 

< MD5 for: WINLOGON.EXE >

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 

< End of report >

Link to comment
Сподели другаде

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Гост
Отговори на тази тема

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   Не можете да качите директно снимка. Качете или добавете изображението от линк (URL)

Loading...
×
 Share
Иди на предишната тема
×
×
  • Създай ново...